Audit Policies must be configured for respective computers that require audit.
Specific audit entries (SACLs) must be enabled for audit objects.
Configuring Audit Policy:
Audit Policies must be configured in any Active Directory environment; this ensures that relevant audit data are logged into the security logs of desired computers / domain controllers. ADAudit Plus will be able to collect and report audit data only for audit policy enabled computers.
Configuring the advanced audit policy in Windows Server (2008 R2, Windows 7 & above) environment ensures only the required security logs for auditing are collected, ensuring the disk space does not fill fast with unwanted logs.