WinSecWiki
Windows Security Settings
Articles
WinSecWiki
»
Windows Security Settings
»
Local Policies
»
Security Options
»
Audit: Audit the use of Backup and Restore privilege
Audit: Audit the use of Backup and Restore privilege
Audit: Audit the use of Backup and Restore privilege
Enabling, this policy has no effect unless Audit privilege use events is also enabled.
By default there are a number of high volume rights that Windows does not audit even when you enable Audit privilege use. Enabling this policy makes Windows audit the use of high volume rights, SeBackupPrivilege and SeRestorePrivilege. Enabling this policy results in an event being logged for every object on the system affected by backups. I recommend against enabling this policy since it will only greatly increase the noise of the already noisy and low value Audit privilege use policy.
It is unclear whether enabling this policy also enables the audit of:
ChangeNotifyPrivilege
AuditPrivilege
CreateTokenPrivilege
AssignPrimaryTokenPrivilege
DebugPrivilege
Bottom line
I don't recommend enabling this policy because it generates even more events in a category that is already basically all noise anyway. I actually recommend disabling
Audit privilege use.
Add Your Comments
Name:
*
Email Address:
Web Address:
Verification Code:
*
Details
Article not rated yet.
Article has been viewed 1,656 times.
Options
Bookmark Article
Social Bookmarks
Comments RSS
Upcoming Webinars
Additional Resources
Security Log Quick Reference Chart
Security Log Resource Kit
Learn about the SharePoint Audit Log
Patch Tuesday Analysis
Workstation Configuration Management
Home
>
Windows
>
WinSecWiki
User name:
Password:
/
Forgot?
Register
Home