Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > Reduce event noise from service account auditing

Reduce event noise from service account auditing

Table of contents

Updated April 4, 2017


This article describes how to reduce auditing on certain Windows accounts so as to avoid logging audit events for the account. 


  • All LEM versions
  • Windows


The auditpol command can be used to exclude Windows accounts from logging and avoid events related to the account from being generated. See the following Microsoft articles for additional reference:

(© 2017 Microsoft, available at, obtained on April 3, 2017.)

Depending on the Windows version, the commands to disable all auditing on a user account may look like the following:

auditpol /set /user:DomainName\ServiceAccountUser /exclude /category:*

auditpol /set /user:LocalServiceAccountUser /exclude /category:*


Note: Different versions of Windows have different formats for the auditpol command. 


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.


Last modified
21:17, 11 Apr 2017