Audit trail of privileged events

Even when the auditing and monitoring service is not recording a session, it keeps a record of every event in which the user selected a role that provides elevated privileges.

To view audit trail events for elevated privileges:

  1. Log in using your administrator account and open Access Manager.
  2. Expand the console tree to the Authorization node for your evaluation zone.
  3. Select the ControlPanelAdmin role, right-click, then select Properties.
  4. Click the Audit tab and select Audit not requested/required.
  5. Log off and then log in as amy.adams.
  6. Verify that you do not have elevated privileges by trying to change firewall settings in Control Panel.
  7. Right-click your Control Panel shortcut, select the ControlPanelAdmin role, and verify that you now have the rights to change firewall settings.
  8. Close Control Panel and perform several more operations.
  9. On the Windows client computer, open Audit Analyzer, select Active Sessions, and refresh the display.
  10. Open the currently active session for your Windows client computer. You should find that none of your recent operations were recorded.
  11. Right-click the Audit Events node, then select Query Audit Events.
  12. In the dialog box, enter your search criteria, such as a role name, event time, or the type of event you are interested in locating, then click OK. All of the events that match the criteria you specify are listed. If the event involved an audited role and you are capturing video records of audited activity, you can right-click an event to Replay the activity recorded.

    All of the events that match the criteria you specify are listed. If the event involved an audited role and you are capturing video records of audited activity, you can right-click an event to Replay the activity recorded.