If you have enabled only audit and monitoring service on a computer and defined access roles:
- Users will be able to log on if they are assigned to a role where audit and monitoring service is required as long as the agent is running.
- Users will be able to log on if they are assigned to a role where the audit if possible option is set. In this case, logging on starts a video record of all user activity on the computer. Because identity and privilege management are not enabled, the user cannot select any access roles that provide desktop, application, or network access rights. The user cannot change roles so only the audit trail records successful and failed logons events.
- Users will be able to log on if they are assigned to a role that does not require audit and monitoring service. In this case, audit trail events are recorded, but no session activity is captured.
- Auditors will be able to review all or selected user activity on these computers, and you can define audit roles to control who has access to the captured user sessions based on the criteria you specify.