WinSecWiki > Security Settings > Advanced Audit Policies > Policy Change > Authentication Policy Change

Audit Authentication Policy Change

This category tracks any configuration changes that would impact how user accounts are authenticated although password and lockout policies are conspicuously missing. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4706 A new trust was created to a domain.
4707 A trust to a domain was removed.
4713 Kerberos policy was changed.
4716 Trusted domain information was modified.
4717 System security access was granted to an account.
4718 System security access was removed from an account.
4865 A trusted forest information entry was added.
4866 A trusted forest information entry was removed.
4867 A trusted forest information entry was modified.

Back to top

 

Additional Resources