WinSecWiki > Security Settings > Local Policies > Audit Policy > Policy Change > Audit

Audit Policy Change

This category tracks any policy changes that would affect what gets reported to the security log. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4715 The audit policy (SACL) on an object was changed.
4719 System audit policy was changed.
4902 The Per-user audit policy table was created.
4904 An attempt was made to register a security event source.
4905 An attempt was made to unregister a security event source.
4906 The CrashOnAuditFail value has changed.
4907 Auditing settings on object were changed.
4912 Per User Audit Policy was changed.

Back to top

 

Upcoming Webinars
  • Operational Technology: The Growing Cyber-Kinetic Front in the SecOps War
  • Identity Fabric: Stitching Together IAM or Selling the Emperor’s New Clothes?
Additional Resources
    Policy Change
    •Audit
    •Authentication
    •Authorization
    •MPSSVC Rule-Level
    •Filtering Platform
    •Other Policy Change Events

     
     
    User name:
    Password:
      / Forgot?
      Register
    August 2025
    Patch Tuesday    		 "Patch Tuesday - Two Zero Days and Large Number of Critical Updates " - sponsored by LOGbinder and Supercharger
    .
    Tweet
    Follow @randyfsmith
    About | Newsletter | Contact Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
    Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.     		Terms of Use | Privacy |
    Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.