To limit auditing to specific roles or desktops, you turn off more generalized auditing and enable auditing for just the roles you care about. The following example illustrates how to audit only when the user switches to a privileged desktop.
To audit only when the user switches to a privileged desktop:
- Log in to the computer as the Administrator and open Access Manager.
- Expand the console tree to the Authorization node for your evaluation zone.
- Expand Role Definitions, select the DesktopAdmin role, right-click, then select Properties.
- Click the Audit tab, then select Audit if possible or Audit required. If auditing is required, users are prevented from using the role when auditing is not available or the agent is not running.
- Log off and then log in as
- Verify that you do not have elevated privileges by trying to change firewall settings in Control Panel.
- Open a new desktop and select the
- Perform operations, such as running the Firewall Control Panel and accessing the remote share on the Windows server, for which you need elevated privileges.
- Switch back to your default desktop.
- Open Audit Analyzer, select the Active Sessions node, and refresh the display.
- Open the currently active session for the Windows client computer.
You should find that only the portion of the session when you were using the DesktopAdmin desktop was recorded.