OVERVIEW: Audit Policy Change
The Audit policy change policy provides notification of changes to important security policies on the local system, such as changes to the system’s audit policy or, when the local system is a DC, changes to trust relationships.
The following is an excerpt from my book, The Windows Server Security Log Revealed:
The Policy Change category provides notification of changes to important security policies on the local system, such as to the system’s audit policy or, in the case of DCs, to trust relationships.
For a list of Event IDs generated by this category, see the Security Log Encyclopedia.
Bottom Line
Windows XP, 2000 and 2003: I recommend enabling this policy for success on all computers including workstations. We have not observed any failure events in this category.
Windows Server 2008 and Vista: I don't recommend managing audit policy at this level because too much noise is generated. Use subcategories instead.
See Audit Category: Policy Change (Windows Server 2008 and Vista).
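One way to verify the "enable for success" recommendation for Windows XP, 2000 and 2003 is to check the AuditPolicyChange value in a security template exported with secedit /export. This is an added example, not code from the original article; the function names and the sample template are constructed for illustration.

```python
# Added example: check the legacy "Audit policy change" setting in a
# security template exported with `secedit /export /cfg <file>`.
import configparser

# [Event Audit] values are a bitmask: 1 = Success, 2 = Failure (0 = none).
SUCCESS, FAILURE = 1, 2

# Constructed sample of an exported template (not taken from a real host).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditPolicyChange = 2
AuditAccountManage = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""


def policy_change_setting(inf_text):
    """Return the AuditPolicyChange bitmask, or None if it is not defined."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key names case-sensitive as written
    parser.read_string(inf_text)
    if not parser.has_option("Event Audit", "AuditPolicyChange"):
        return None
    return int(parser.get("Event Audit", "AuditPolicyChange").strip())


def check_policy_change(inf_text):
    """Return (compliant, message) against the 'enable for success' advice."""
    value = policy_change_setting(inf_text)
    if value is None:
        return False, "FINDING: AuditPolicyChange is not defined in the template"
    names = [n for bit, n in ((SUCCESS, "Success"), (FAILURE, "Failure"))
             if value & bit]
    current = ", ".join(names) or "No auditing"
    if value & SUCCESS:
        return True, f"OK: Audit policy change = {current}"
    return False, f"FINDING: Audit policy change = {current}; Success is not audited"


if __name__ == "__main__":
    print(check_policy_change(SAMPLE_INF)[1])
```

secedit writes the exported file as UTF-16, so decode it accordingly before passing the text to check_policy_change.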