Export (0) Print
Expand All

Auditpol remove

Updated: April 17, 2012

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Removes the per-user audit policy for a specified account or all accounts.

For examples of how this command can be used, see Examples.

Auditpol /remove [/user[:<username>|<{SID}>]]
[/allusers]

 

Parameter Description

/user

Specifies the security identifier (SID) or user name for the user for whom the per-user audit policy is to be deleted.

/allusers

Removes the per-user audit policy for all users.

/?

Displays help at the command prompt.

For remove operations for the per-user policy, you must have Write or Full Control permission on that object set in the security descriptor. You can also perform remove operations by possessing the Manage auditing and security log (SeSecurityPrivilege) user right. However, this right allows additional access that is not necessary to perform the remove operation.

To remove the per-user audit policy for user mikedan by name, type:

Auditpol /remove /user:mikedan

To remove the per-user audit policy for user mikedan by SID, type:

Auditpol /remove /user:{S-1-5-21-397123471-12346959}

To remove the per-user audit policy for all users, type:

Auditpol /remove /allusers

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft