Reduce event noise from service account auditing

Updated April 4, 2017

Overview

This article describes how to exclude specific Windows accounts, such as service accounts, from auditing so that Windows does not log audit events for them.

Environment

  • All LEM versions
  • Windows

Detail

The auditpol command can exclude Windows accounts from auditing, which prevents events related to those accounts from being generated. See the following Microsoft articles for additional reference:

(© 2017 Microsoft, available at https://technet.microsoft.com/, obtained on April 3, 2017.)

Depending on the Windows version, the commands to disable all auditing on a user account may look like the following:

auditpol /set /user:DomainName\ServiceAccountUser /exclude /category:*

auditpol /set /user:LocalServiceAccountUser /exclude /category:*

 

Note: Different versions of Windows have different formats for the auditpol command. 
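One way to apply the exclusion above with a backup, a read-back check and a rollback path, as an added PowerShell example that is not part of the original article. The parameters ($Account, $BackupFile, -Rollback) and the helper Invoke-AuditPol are hypothetical names; the script assumes an elevated prompt and uses auditpol's /backup, /get, /list and /remove subcommands alongside the article's /set command.

```powershell
# Added example: apply, verify and roll back a per-user audit exclusion.
# Parameter names and the default backup path are assumptions for illustration.
param(
    [Parameter(Mandatory)] [string] $Account,   # e.g. DomainName\ServiceAccountUser
    [string] $BackupFile = "$env:TEMP\auditpol-backup.csv",
    [switch] $Rollback
)

# Run auditpol.exe and stop on a non-zero exit code instead of continuing silently.
function Invoke-AuditPol {
    param([string[]] $Arguments)
    $output = & auditpol.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol $($Arguments -join ' ') failed: $output"
    }
    return $output
}

if ($Rollback) {
    # Remove the per-user policy so the account follows the system audit policy again.
    Invoke-AuditPol @('/remove', "/user:$Account") | Out-Null
    Write-Output "Per-user audit policy removed for $Account"
    return
}

# 1. Save the current audit policy to a CSV file before changing anything.
Invoke-AuditPol @('/backup', "/file:$BackupFile") | Out-Null
Write-Output "Audit policy backed up to $BackupFile"

# 2. Apply the exclusion from the article.
#    auditpol ignores /exclude for members of the local Administrators group,
#    so the read-back in step 3 is what confirms the result.
Invoke-AuditPol @('/set', "/user:$Account", '/exclude', '/category:*') | Out-Null

# 3. Read the per-user policy back so the change can be recorded and reviewed.
Write-Output "Per-user audit policy now in effect for ${Account}:"
Invoke-AuditPol @('/get', "/user:$Account", '/category:*')

# 4. List every account that has a per-user audit policy defined, so that
#    exclusions stay a short, reviewed list rather than accumulating unnoticed.
Write-Output "Accounts with a per-user audit policy:"
Invoke-AuditPol @('/list', '/user')
```

Because an excluded account stops producing audit events, keep the output of steps 3 and 4 with the change record and review the list of excluded accounts periodically.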

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 
