
Auditpol

This command is new to Windows Server 2008 and Vista and is required for querying or configuring audit policy at the subcategory level. Before using this command to configure subcategories, make sure you enable "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings".

Prior to Win2008 R2, this command is the only way you can configure audit policy at the subcategory level (pre-R2, Group Policy only allows you to configure audit policy at the category level).

Furthermore, auditpol does not accept a computer name for remotely configuring audit policy on another computer on the network; instead, you must execute auditpol locally on each system.

With Win2008 R2 you can configure audit subcategories using Group Policy; look under Security Settings\Advanced Audit Policy.

To see the full syntax for this command run "auditpol /?" at the command line.

To get a listing of all categories and their subcategories, run:

auditpol /list /subcategory:*

To display the current audit policy for all subcategories run:

auditpol /get /category:*

Here's an example of enabling the File System subcategory for success and failure:

AUDITPOL /SET /SUBCATEGORY:"file system" /SUCCESS:ENABLE /FAILURE:ENABLE
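
A read-only check that ties the steps above together, as an added example that is not part of the original page: it confirms the override setting is enabled and compares the File System subcategory against an expected value. The baseline table, the function names and the registry value name SCENoApplyLegacyAuditPolicy are assumptions not taken from the page, and English auditpol output is assumed.

```powershell
# Added example: compare local audit subcategory settings with a baseline.
# Run from an elevated prompt on the system being checked.

# Hypothetical baseline: subcategory name -> setting text as auditpol reports it.
$Baseline = @{
    'File System' = 'Success and Failure'
}

function Test-SubcategoryOverride {
    # Assumption: "Audit: Force audit policy subcategory settings ..." is stored
    # as SCENoApplyLegacyAuditPolicy under the Lsa key (1 = enabled).
    # A missing value is reported as not enabled.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    return ($lsa.SCENoApplyLegacyAuditPolicy -eq 1)
}

function Get-AuditPolicy {
    # /r switches auditpol to CSV output; drop blank lines before parsing.
    $csv = & auditpol.exe /get /category:* /r | Where-Object { $_.Trim() }
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /get failed with exit code $LASTEXITCODE"
    }
    $csv | ConvertFrom-Csv
}

function Compare-AuditBaseline {
    param([hashtable]$Expected, [object[]]$Current)
    foreach ($name in $Expected.Keys) {
        # Subcategory names are matched case-insensitively.
        $row = $Current | Where-Object { $_.Subcategory -eq $name }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $Expected[$name]
            Actual      = if ($row) { $row.'Inclusion Setting' } else { '<not found>' }
            Compliant   = [bool]($row -and $row.'Inclusion Setting' -eq $Expected[$name])
        }
    }
}

if (-not (Test-SubcategoryOverride)) {
    Write-Warning 'Subcategory override is not enabled on this system.'
}
Compare-AuditBaseline -Expected $Baseline -Current (Get-AuditPolicy) |
    Format-Table -AutoSize
```

Because auditpol takes no computer name, the script reports only on the system it runs on. A row with Compliant set to False can be corrected with the /SET command shown above.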
