WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > Registry

Audit Registry

This category allows you to track access to registry keys and values. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4656	A handle to an object was requested
4657	A registry value was modified
4658	The handle to an object was closed
4660	An object was deleted
4663	An attempt was made to access an object

Upcoming Webinars

File Security in Microsoft 365: Under Teams, OneDrive for Business, Microsoft 365 Groups it’s SharePoint
Linux Security: Locking Down Admin Access with SSH and Sudo
Understanding Broken Object Level Authorization: The Quiet Access Control Failure Undermining Today’s Apps

Additional Resources

Object Access

•	Application Generated
•	Central Access Policy Staging
•	Certification Services
•	Detailed File Share
•	File Share
•	File System
•	Filtering Platform Connection
•	Filtering Platform Packet Drop
•	Handle Manipulation
•	Kernal Object
•	Other Object Access Events
•	Registry
•	Removable Storage
•	SAM

User name:
Password:
	/ Forgot?
	Register

January 2026 Patch Tuesday	"Patch Tuesday - Starting 2026 with a Bang; 3 Zero Days " - sponsored by LOGbinder and Supercharger

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2026 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.