Hi all.

I have set the attribute "Audit privilege use" to "No auditing" in my default domain policy. I have run RSOP on a workstation and it confirms this setting is inherited from my default domain policy and set to No auditing, yet I still get these events appearing in my security log. Any idea why?

Many thanks,
Andrew