WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Registry

Audit Registry

This category allows you to track access to registry keys and values. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4656 A handle to an object was requested
4657 A registry value was modified
4658 The handle to an object was closed
4660 An object was deleted
4663 An attempt was made to access an object

Back to top

 

Upcoming Webinars
  • Understanding the Multiple Layers of Privileged Access in Windows
  • The Top 5 Challenges of Windows Event Collection – And How to Solve Them
Additional Resources
    Object Access
    •Application Generated
    •Central Access Policy Staging
    •Certification Services
    •Detailed File Share
    •File Share
    •File System
    •Filtering Platform Connection
    •Filtering Platform Packet Drop
    •Handle Manipulation
    •Kernal Object
    •Other Object Access Events
    •Registry
    •Removable Storage
    •SAM

     
     
    User name:
    Password:
      / Forgot?
      Register
    June 2025
    Patch Tuesday    		 "Patch Tuesday - Two Zero Days and 11 Critical Updates " - sponsored by LOGbinder and Supercharger
    .
    Tweet
    Follow @randyfsmith
    About | Newsletter | Contact Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
    Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.     		Terms of Use | Privacy |
    Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.