WinSecWiki > Security Settings > Advanced Audit Policies > Policy Change > Authentication Policy Change

Audit Authentication Policy Change

This category tracks any configuration changes that would impact how user accounts are authenticated although password and lockout policies are conspicuously missing. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4706	A new trust was created to a domain.
4707	A trust to a domain was removed.
4713	Kerberos policy was changed.
4716	Trusted domain information was modified.
4717	System security access was granted to an account.
4718	System security access was removed from an account.
4865	A trusted forest information entry was added.
4866	A trusted forest information entry was removed.
4867	A trusted forest information entry was modified.

Back to top

 

Upcoming Webinars AD Certificate Services: A Massive Chunk of Windows Security Functionality Finally Gets the Security Research It Deserves Linux Security: Locking Down Admin Access with SSH and Sudo Understanding Broken Object Level Authorization: The Quiet Access Control Failure Undermining Today’s Apps Patching 3rd Party Apps on PCs Managed by Intune

Additional Resources