diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp
index 0aa878f..6bccd22 100644
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -360,7 +360,7 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
 DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , const_cast(reinterpret_cast(cred_utf8.data())) };
 DATA_BLOB entropy_blob = { sizeof(s_entropy), const_cast( s_entropy ) };
 data_blob cred_enc;
- if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
+ if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
 throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
 tstring target(target_name(pszTargetName, level));
diff --git a/lib/EapHost/src/Credentials.cpp b/lib/EapHost/src/Credentials.cpp
index 6871ac7..abb42f5 100644
--- a/lib/EapHost/src/Credentials.cpp
+++ b/lib/EapHost/src/Credentials.cpp
@@ -153,7 +153,7 @@ void eap::credentials_eaphost::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
 // Encrypt credentials BLOB using user's key.
 DATA_BLOB cred_blob = { (DWORD)m_cred_blob.size(), const_cast(m_cred_blob.data()) };
 DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast(s_entropy) };
- if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
+ if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
 throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
 }
diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp
index 5cd1b20..deea341 100644
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
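Review bot: The added `CRYPTPROTECT_AUDIT` flag will most likely have no effect in `credentials_pass::store`, because the second argument (`szDataDescr`) is still `NULL` and the CryptProtectData documentation states that audit entries are recorded only when the description is non-NULL and non-empty. Pass a short constant description, for example `if (!CryptProtectData(&cred_blob, L"<non-secret description>", &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))`; the description is stored in the clear alongside the protected blob, so it must not contain anything secret. The same applies to the calls in `credentials_eaphost::store` and `credentials_tls::store`. Events are also produced only on hosts where auditing of DPAPI activity is enabled, which is worth stating in the commit message or deployment notes. All three `store` bodies begin and end outside their hunks.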
@@ -179,7 +179,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
 // Encrypt the certificate using user's key.
 DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
 DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast(s_entropy) };
- if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
+ if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_AUDIT, &cred_enc))
 throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
 }