WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Application Generated

Audit Application Generated

This category apparently logs provides a way for applications to report audit events to the security log and is no doubt related to Authorization Manager. I've not researched this category and welcome any help from the community in documenting it. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

This category is also used by the LOGbinder family of agents for reporting application audit events from SharePoint, SQL Server and more.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID Title
4665 An attempt was made to create an application client context.
4666 An application attempted an operation
4667 An application client context was deleted
4668 An application was initialized.
11 - 66 SharePoint Audit Events Generated by LOGbinder SP

Back to top

 

Additional Resources