Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Auditpol list

Published: April 17, 2012

Updated: April 17, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

Lists audit policy categories and/or subcategories, or lists users for whom a per-user audit policy is defined.

For examples of how this command can be used, see Examples.

auditpol /list
[/v] [/r]


Parameter Description


Retrieves all users for whom the per-user audit policy has been defined. If used with the /v parameter, the security identifier (SID) of the user is also displayed.


Displays the names of categories understood by the system. If used with the /v parameter, the category globally unique identifier (GUID) is also displayed.


Displays the names of subcategories and their associated GUID.


Displays the GUID with the category or subcategory, or when used with /user, displays the SID of each user.


Displays the output as a report in comma-separated value (CSV) format.


Displays help at the command prompt.

For all list operations for the per-user policy, you must have Read permission on that object set in the security descriptor. You can also perform list operations by possessing the Manage auditing and security log (SeSecurityPrivilege) user right. However, this right allows additional access that is not necessary to perform the list operation.

To list all users who have a defined audit policy, type:

Auditpol /list /user

To list all users who have a defined audit policy and their associated SID, type:

Auditpol /list /user /v

To list all categories and subcategories in report format, type:

Auditpol /list /subcategory:* /r

To list the subcategories of the Detailed Tracking and DS Access categories, type:

Auditpol /list /subcategory:"Detailed Tracking","DS Access"

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.