How do I stop audit for a user. 800xAService user is non-auditing. Can I make other users too non-auditable.
Background: I have 3rd party OPC writing values to 800xA and it generates lots audit events every second. For reasons beyond this discussion, I can not use Service user for this job.
Voted best answer
The OPC DA Surrogate can be tweaked to not produce audit. If client is using OPC DA Server today, you must redirect the client over to the surrogate first. This should not be any problem* unless surrogate is shared with other OPC clients.
Search AKS for "inhibit audit" and you will find many threads describing what registry key that need to be modified.
*) It's not recommended to mix asynchrouous with synchronous acting clients. As the later may block flow for the former. In parallel with the above mentioned registry key there is another (UseSame) that can be changed to force a unique instance (process) of the surrogate per connecting client. This can be used to keep different clients on different surrogates.
You are VERY correct in not using the service account for external OPC connection.
800xAService is a system user and not a log in user so it will not be audited. It is not possible to selectively enable / disable audit for any other particular user.
Try to find out the event details of your third party OPC audit events and try disabling (uncheck) that particular class of events from your audit configuration.