Articles in this section

See more

Rule Check: Advanced Audit Policy Setting (Windows)

Avatar
dbice
Updated
Follow

 Previous Topic

Next Topic 

Monitoring Server Configuration Security  >  Configuration Policy Rule Checks  >  Advanced Audit Policy Setting (Windows)

Rule Check: Advanced Audit Policy Setting (Windows)

The Windows advanced security audit policy allows fine-grained control over what events on a server should be logged for auditing purposes. Only logged events will be viewable in the Windows Event Viewer.

The Advanced Audit Policy Setting check verifies whether a given advanced security audit policy setting (or audit subcategory) has the value that you expect on a scanned Windows server. Using the check in a configuration policy allows you verify that the audit events you want to log are in fact being logged.

This one check allows you verify the desired setting of any one of over 50 advanced audit policy settings.

ParametersDescription
Audit Subcategory

The name of the advanced security audit policy setting to check. Select it from the drop-down list.
Desired value

Select the value or values that are acceptable for this setting. You can select multiple values:

  • No Auditing. Do not log any events related to this policy setting.
  • Success. Log only successful executions of a task related to this policy setting.
  • Success and Failure. Log both successful and failed attempts
  • Failure. Log only failed attempts to execute a task related to this policy setting.
Remedial Suggestion (optional)

Optional suggestion

 

 

Download the full PDF of: Monitoring Server Configuration Security

 

 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk