Advanced Audit Policy Configuration

Updated: October 23, 2012

Applies To: Windows 7, Windows Server 2008 R2

This reference for the IT professional provides information about one collection of auditing settings available in Windows Server 2008 R2 and Windows 7 and the audit events that they generate.

The 53 security audit policy settings under Security Settings\Advanced Audit Policy Configuration can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:

• A group administrator has modified settings or data on servers that contain finance information.

• An employee within a defined group has accessed an important file.

• The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.

These 53 settings allow you to select only the behaviors that you want to monitor and exclude audit results for other behaviors. In addition, because Windows 7 and Windows Server 2008 R2 security audit policies can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups.

Audit policy settings under Security Settings\Advanced Audit Policy Configuration are available in the following categories:

• Account Logon

• Account Management

• Detailed Tracking

• DS Access

• Logon/Logoff

• Object Access

• Policy Change

• Privilege Use

• System

• Global Object Access Auditing

See Also

Concepts

Which Versions of Windows Support Advanced Audit Policy Configuration?