Share via


Audit Distribution Group Management

 

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.

Tasks for distribution-group management that can be audited include:

  • A distribution group is created, changed, or deleted.

  • A member is added to or removed from a distribution group.

This subcategory to which this policy belongs is logged only on domain controllers.

Note

Distribution groups cannot be used to manage access control permissions.

Event volume: Low

Default: Not configured

If this policy setting is configured, the following events appear on computers running the supported versions of the Windows operating system as designated in the Applies To list at the beginning of this topic, in addition to Windows Server 2008.

Event ID

Event message

4744

A security-disabled local group was created.

4745

A security-disabled local group was changed.

4746

A member was added to a security-disabled local group.

4747

A member was removed from a security-disabled local group.

4748

A security-disabled local group was deleted.

4749

A security-disabled global group was created.

4750

A security-disabled global group was changed.

4751

A member was added to a security-disabled global group.

4752

A member was removed from a security-disabled global group.

4753

A security-disabled global group was deleted.

4759

A security-disabled universal group was created.

4760

A security-disabled universal group was changed.

4761

A member was added to a security-disabled universal group.

4762

A member was removed from a security-disabled universal group.

Advanced Security Audit Policy Settings