Generate security audits
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access.
This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.
By default, only the LocalSystem account has the privilege to be used by processes to generate security audits.