WinSecWiki > Security Settings > Local Policies > Security Options > Audit > Audit the use of global system objects

Audit: Audit the use of global system objects

Enabling, this policy has no effect unless Audit object access events is also enabled.

Enabling this policy causes Windows to create internal system objects with a default system access control list (SACL) that specifies operations on such objects to be reported to the security log. The internal system objects include mutexes, semaphores and other objects that really only have meaning to programmers. This feature was only added to Windows to get Common Criteria evaluation; it has no real value and only creates useless noise in the security log. Leave it disabled.

If this policy is enabled, it causes system objects, such as mutexes (mutual exclusive), events, semaphores (locking mechanisms used inside resource managers or resource dispensers), and DOS devices, to be created with a default system access control list (SACL).

Related event IDs: 560/4656.

Upcoming Webinars

Additional Resources

Audit

•	Audit the use of global system objects
•	Audit the use of Backup and Restore privilege
•	Force audit policy subcategory settings
•	Shut down system immediately

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.