FileAudit scans the Microsoft Security logs of the audited machine in real-time to capture all access events. By default, the credentials used to connect and scan the machine log are those defined in the FileAudit service.
This scan process requires at least local administrator privileges on the target machine. If the credentials of the service are not sufficient to activate the scan, you can define impersonation accounts to use instead of FileAudit service credentials. If you have defined several audit paths targeting different machines, you can enter an account for each machine in the ‘Accounts’ tab.
Click ‘Add an account’ and provide the correct credentials: