Hello!
This page says:
There are two key requirements for writing SQL Server server audits to the Windows Security log:
- The audit object access setting must be configured to capture the events. The audit policy tool (
auditpol.exe) exposes a variety of sub-policies settings in theaudit object access category. To allow SQL Server to audit object access, configure theapplication generated setting. - The account that the SQL Server service is running under must have the generate security audits permission to write to the Windows Security log. By default, the LOCAL SERVICE and the NETWORK SERVICE accounts have this permission. This step is not required if SQL Server is running under one of those accounts.
- Provide full permission for the SQL Server service account to the registry hive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security.
It's not clear to me if all of these three (not two!) key requirements must be met to allow SQL Server to write to the Security log or just any of them?
Thank you in advance,
Michael