WinSecWiki > Security Settings > Local Policies > Audit Policy > Policy Change > Audit

Audit Policy Change

This category tracks any policy changes that would affect what gets reported to the security log. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4715	The audit policy (SACL) on an object was changed.
4719	System audit policy was changed.
4902	The Per-user audit policy table was created.
4904	An attempt was made to register a security event source.
4905	An attempt was made to unregister a security event source.
4906	The CrashOnAuditFail value has changed.
4907	Auditing settings on object were changed.
4912	Per User Audit Policy was changed.

Upcoming Webinars

Additional Resources

Policy Change

•	Audit
•	Authentication
•	Authorization
•	MPSSVC Rule-Level
•	Filtering Platform
•	Other Policy Change Events

User name:
Password:
	/ Forgot?
	Register

June 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days and 11 Critical Updates " - sponsored by LOGbinder and Supercharger

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.