We are confused using the expression for CID 2392 - Current list of User Accounts granted the 'Manage Auditing and Security Log (SeSecurityPrivilege)' right.
We have a scenario where we need to check Admin & Log.Audit to be present there.
Admin is compulsory value but log.audit is not. Can someone tell me which expression gives me the best evaluation?
Systems without log.audit should also pass but without Admin should fail.
|does not contain|
|is contained in|