Advanced Security Audit Policy Settings

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This reference for provides information about one collection of auditing settings available in Windows operating systems beginning with Windows Server 2008 R2 and Windows 7 and the audit events that they generate.

The 53 security audit policy settings under Security Settings\Advanced Audit Policy Configuration can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:

• A group administrator has modified settings or data on servers that contain finance information.

• An employee within a defined group has accessed an important file.

• The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.

These 53 settings allow you to select only the behaviors that you want to monitor and exclude audit results for behaviors that are of little or no concern to you, or behaviors that create an excessive number of log entries. In addition, because Windows 7 and Windows Server 2008 R2 security audit policy can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups with relative simplicity.

Audit policy settings under Security Settings\Advanced Audit Policy Configuration are available in the following categories:

• Account Logon

• Account Management

• Detailed Tracking

• DS Access

• Logon/Logoff

• Object Access

• Policy Change

• Privilege Use

• System

• Global Object Access Auditing