How can I enable full "Event Audit Logs" by default for all new cases in AD Enterprise instead of having to enable them for each case individually?
- Ensure AD Enterprise is closed
- Open regedit.exe (as Administrator)
- Navigate to the key "HKEY_LOCAL_MACHINE\SOFTWARE\AccessData\Products\Forensic Toolkit\"
- Create a new DWORD value named "enable_audit_logging_ui" with the decimal value 11
This works for AD Enterprise 5.3 and newer.