Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
Updated: June 15, 2009
Applies To: Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Windows Vista introduced the ability to manage audit policy in a more precise way by using audit policy settings (under Advanced Audit Policy Configuration). Setting audit policy by using basic audit policy categories will override the subcategory audit policy settings in Advanced Audit Policy Configuration. Group Policy allows audit policy to be set only at the category level, and existing Group Policy settings may override the subcategory settings of new computers as they are joined to the domain or upgraded.
Enabling the Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings policy setting allows audit policy to be managed by using subcategories without requiring a change to Group Policy. This policy setting enables the SCENoApplyLegacyAuditPolicy registry value to prevent the application of category-level audit policy from Group Policy and from the Local Security Policy snap-in. This policy setting can be enabled on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
If the category-level audit policy set here is not consistent with the events that are currently being generated, the cause might be that this registry key is set.