Event Message:

Audit Policy Change: New Policy: Success Failure parameter parameter System parameter parameter Logon/Logoff parameter parameter Object Access parameter parameter Privilege Use parameter parameter Detailed Tracking parameter parameter Policy Change parameter 3 parameter 4 Account Management Changed By: User Name: parameter 5 Domain Name: name Logon ID: parameter 7

Explanation:

This event record indicates that an audit policy was changed. The actual changes are shown in the audit log file. Changing an audit policy can have serious security implications. Audit policies changed by a user who is not trusted can be a security risk.

User Action:

The person with administrative rights for the computer should make sure the user is supposed to have the privilege to change audit policies. The audit log should be checked to make sure the audit change does not have an adverse impact.