This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service if the Audit: Shut down system immediately if unable to log security audits security policy setting is enabled. For more information about the Audit: Shut down system immediately if unable to log security audits security policy setting, see Audit: Shut down system immediately if unable to log security audits

Default: Local System.

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

For more information, see:

• Manage auditing and security log
  
  
• User Rights Assignment
  
  
• Assign user rights for your local computer
  
  
• Security Configuration Manager tools