When you assign a user or group account a specific user right, you are entrusting that user to perform an administrative task. However, studies show that many of the threats and attacks against networks come from trusted users. With this in mind, you may want to set up auditing so you can monitor use of user rights.

Once you enable auditing of privilege use, an event will be written to the security log each time a user successfully or unsuccessfully attempts to exercise a user right. You can enable this feature by opening the local security policy (Control Panel | Administrative Tools | Local Security Policy). Expand the following containers: Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy. Double click the option to Audit privilege use. Place a check beside Success and/or Failures (depending on the events you want to monitor). Click OK.

You can view any privilege use related events that occur by opening the Security log in the Event Viewer (Control Panel | Administrative Tools | Event Viewer).