Rule Check: Advanced Audit Policy Setting (Windows)
The Windows advanced security audit policy allows fine-grained control over what events on a server should be logged for auditing purposes. Only logged events will be viewable in the Windows Event Viewer.
The Advanced Audit Policy Setting check verifies whether a given advanced security audit policy setting (or audit subcategory) has the value that you expect on a scanned Windows server. Using the check in a configuration policy allows you verify that the audit events you want to log are in fact being logged.
This one check allows you verify the desired setting of any one of over 50 advanced audit policy settings.
The name of the advanced security audit policy setting to check. Select it from the drop-down list.
Select the value or values that are acceptable for this setting. You can select multiple values:
|Remedial Suggestion (optional)||