Table of contents
TOC
Collapse the table of content
Expand the table of content

Basic security audit policy settings

Brian Lich|Last Updated: 5/31/2016
|
1 Contributor

Applies to

  • Windows 10

Basic security audit policy settings are found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

In this section

TopicDescription
Audit account logon eventsDetermines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.
Audit account managementDetermines whether to audit each event of account management on a device.
Audit directory service accessDetermines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
Audit logon eventsDetermines whether to audit each instance of a user logging on to or logging off from a device.
Audit object accessDetermines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
Audit policy changeDetermines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
Audit privilege useDetermines whether to audit each instance of a user exercising a user right.
Audit process trackingDetermines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Audit system eventsDetermines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
© 2017 Microsoft