How can I enable full "Event Audit Logs" by default for all new cases in AD Enterprise instead of having to enable them for each case individually?



  1. Ensure AD Enterprise is closed
  2. Open regedit.exe (as Administrator)
  3. Navigate to the key "HKEY_LOCAL_MACHINE\SOFTWARE\AccessData\Products\Forensic Toolkit\"
  4. Create a new DWORD value named "enable_audit_logging_ui" with the decimal value 11



This works for AD Enterprise 5.3 and newer.