Audit Policy Change

This category tracks any policy changes that would affect what gets reported to the security log. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

The events generated by this category are covered in the Security Log Encyclopedia:

Event ID  Title
4715 The audit policy (SACL) on an object was changed.
4719 System audit policy was changed.
4902 The Per-user audit policy table was created.
4904 An attempt was made to register a security event source.
4905 An attempt was made to unregister a security event source.
4906 The CrashOnAuditFail value has changed.
4907 Auditing settings on object were changed.
4912 Per User Audit Policy was changed.
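
The following is an added example, not part of the original wiki page: one way to enable this subcategory with auditpol, confirm the setting took effect, and then review recent events with the IDs listed above. It assumes an elevated PowerShell prompt, an English-language system (the subcategory name and setting text are localized), and a 7-day review window chosen only for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$subcategory = 'Audit Policy Change'   # auditpol subcategory name on English-language systems

# Enable success and failure auditing for the subcategory.
auditpol /set /subcategory:"$subcategory" /success:enable /failure:enable
if ($LASTEXITCODE -ne 0) {
    throw "auditpol /set failed with exit code $LASTEXITCODE"
}

# Read the setting back in CSV report format (/r) and verify it.
$setting = auditpol /get /subcategory:"$subcategory" /r |
    Where-Object { $_ } |          # drop blank lines before parsing
    ConvertFrom-Csv
if ($setting.'Inclusion Setting' -ne 'Success and Failure') {
    throw "Unexpected audit setting: $($setting.'Inclusion Setting')"
}

# Event IDs from the table on this page.
$eventIds = 4715, 4719, 4902, 4904, 4905, 4906, 4907, 4912

# Review window is an assumption for this example.
$filter = @{
    LogName   = 'Security'
    Id        = $eventIds
    StartTime = (Get-Date).AddDays(-7)
}

# Get-WinEvent raises an error when nothing matches, so treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No audit policy change events in the review window.'
} else {
    # Summary by event ID, then the individual records, oldest first.
    $events | Group-Object Id | Sort-Object Name |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

On a domain-joined machine, Group Policy can overwrite a setting applied locally with auditpol at the next policy refresh, so rerun the `/get` check after a refresh to confirm the setting persists.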
