Export (0) Print
Expand All

Audit Other Policy Change Events

Updated: June 15, 2009

Applies To: Windows 7, Windows Server 2008 R2

This security policy setting determines whether the operating system generates events for security policy changes that are not otherwise audited in the Policy Change category, such as the following:

  • Trusted Platform Module (TPM) configuration changes.

  • Kernel-mode cryptographic self tests.

  • Cryptographic provider operations.

  • Cryptographic context operations or modifications.

Event volume: Low

Default: Not configured

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

 

Event ID Event message  

4670

Permissions on an object were changed.

4909

The local policy settings for the TBS were changed.

4910

The group policy settings for the TBS were changed.

5063

A cryptographic provider operation was attempted.

5064

A cryptographic context operation was attempted.

5065

A cryptographic context modification was attempted.

5066

A cryptographic function operation was attempted.

5067

A cryptographic function modification was attempted.

5068

A cryptographic function provider operation was attempted.

5069

A cryptographic function property operation was attempted.

5070

A cryptographic function property modification was attempted.

5447

A Windows Filtering Platform filter has been changed.

6144

Security policy in the group policy objects has been applied successfully.

6145

One or more errors occurred while processing security policy in the group policy objects.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft