WinSecWiki > Security Settings > Advanced Audit Policies > Object Access > SAM
Audit SAM
This category allows you to track access to objects in the SAM (Security Account Manager) where local users and groups are stored on non-domain controller systems. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.
Coverage on events generated by this category are currently in the Security Log Encyclopedia:
Back to top