WinSecWiki > Security Settings > Local Policies > Audit Policy > Policy Change > Authentication

Authentication Policy Change

This category tracks any configuration changes that would impact how user accounts are authenticated although password and lockout policies are conspicuously missing. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4706	A new trust was created to a domain.
4707	A trust to a domain was removed.
4713	Kerberos policy was changed.
4716	Trusted domain information was modified.
4717	System security access was granted to an account.
4718	System security access was removed from an account.
4865	A trusted forest information entry was added.
4866	A trusted forest information entry was removed.
4867	A trusted forest information entry was modified.

Upcoming Webinars

Additional Resources

Policy Change

•	Audit
•	Authentication
•	Authorization
•	MPSSVC Rule-Level
•	Filtering Platform
•	Other Policy Change Events

Home

Windows

WinSecWiki

User name:
Password:
	/ Forgot?
	Register

November 2019 Patch Monday	"Patch Monday: Chrome 0-Day Exploited in the Wild " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2019 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.