A. Using the regedt32.exe utility it is possible to
set auditing on certain parts of the registry. I should note that any type
of auditing is very sensitive lately and you may want to add some sort of
warning letting people know that their changes are being audited.
- Start the registry editor (regedt32.exe)
- Select the key you wish to audit (e.g. HKEY_LOCAL_MACHINE\Software)
- From the Security menu select Auditing
- Check the "Audit Permission on Existing Subkeys" if you
want subkeys to also be audited
- Click the Add button and select the users you want to be audited,
click Add and then click OK
- Once there are names in the "Names" box you can select
which events to be audited, whether success or failure.
- When you have filled in all the information click OK
You will need to make sure that Auditing for File and Object access is
enabled (use User Manager - Polices - Audit).
To view the information use Event Viewer and look at the Security
information.