WinSecWiki > Security Settings > Local Policies > Audit Policy > Process Tracking > DPAPI Activity

DPAPI Activity

This category reports activity concerning the Data Protection API. Per Microsoft: "The Data Protection API (DPAPI) helps to protect data in Windows 2000 and later operating systems. DPAPI is used to help protect private keys, stored credentials (in Windows XP and later), and other confidential information that the operating system or a program wants to keep confidential." To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4692 Backup of data protection master key was attempted
4693 Recovery of data protection master key was attempted.
4694 Protection of auditable protected data was attempted
4695 Unprotection of auditable protected data was attempted.

Back to top


Additional Resources