What does my service account need to get around the error "Manage Auditing user right" in robocopy?

I am creating a scheduled task that calls robocopy from a script on Windows Server 2012 R2. It currently throws the following error regardless of it being run manually or from a scheduled task:

ERROR : You do not have the Manage Auditing user right.
*****  You need this to copy auditing information (/COPY:U or /COPYALL).

The task is set to "Run whether user is logged in or not" and "Run with highest privileges" already. The script is below:

Add-Content E:\ITS\CopyScripts\box1-backup-robocopy.log "script running"
#Input the variables for the robocopy script
$Source = "\\box1-prod\images\prod\"
$Destination = "E:\Box1\Backups\images"
$Retries = 1

#This is the Robocopy script
Robocopy.exe $Source $Destination /E /Z /COPYALL /XO /r:$Retries /purge /xd '$RECYCLE.BIN' 'System Volume Information' '._nfs' /log:E:\ITS\CopyScripts\box1-backup-robocopy.log /tee

Any help resolving this would be much appreciated.

Solution 1:

Run gpedit.msc

Computer > Windows Settings > Security Settings > Local Policies > User Rights >

Manage auditing and security log

Solution 2:

If you need to work around this and cannot get the auditing rights, you can copy everything EXCEPT the auditing information by replacing /COPYALL with this option:

 /COPY:DATSO

See also: https://adamtheautomator.com/robocopy/