Auditpol

 

Updated: April 17, 2012

Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8

Displays information about and performs functions to manipulate audit policies.

For examples of how this command can be used, see the Examples section in each topic.

Auditpol command [<sub-command><options>]

| Sub-command | Description |
|---|---|
| /get | Displays the current audit policy. See Auditpol get for syntax and options. |
| /set | Sets the audit policy. See Auditpol set for syntax and options. |
| /list | Displays selectable policy elements. See Auditpol list for syntax and options. |
| /backup | Saves the audit policy to a file. See Auditpol backup for syntax and options. |
| /restore | Restores the audit policy from a file that was previously created by using auditpol /backup. See Auditpol restore for syntax and options. |
| /clear | Clears the audit policy. See Auditpol clear for syntax and options. |
| /remove | Removes all per-user audit policy settings and disables all system audit policy settings. See Auditpol remove for syntax and options. |
| /resourceSACL | Configures global resource system access control lists (SACLs). Note: Applies only to Windows 7 and Windows Server 2008 R2. See Auditpol resourceSACL. |
| /? | Displays help at the command prompt. |

The audit policy command-line tool can be used to:

  • Set and query a system audit policy.

  • Set and query a per-user audit policy.

  • Set and query auditing options.

  • Set and query the security descriptor used to delegate access to an audit policy.

  • Report or back up an audit policy to a comma-separated value (CSV) text file.

  • Load an audit policy from a CSV text file.

  • Configure global resource SACLs.
