Section 7: Audit Settings
Advanced Audit Policy
The advanced audit policy is based on the Microsoft audit policy recommendations ("Stronger Recommendation").
- Certain settings are applicable to domain controllers only.
- Where the recommendation is for a single audit type only (for example "Success" or "Failure") and the system is configured for "Success and Failure", a warning will be issued.
- The advanced audit policy optional component must be enabled and must have completed for this section to complete; otherwise "Unknown" will be displayed.
The following settings determine whether each advanced audit policy setting is expected to audit success events, failure events, or both success and failure events.
7.04 Audit Credential Validation
Determines the desired value for the Audit Credential Validation advanced audit policy setting.
7.05 Audit Kerberos Authentication Service
Determines the desired value for the Audit Kerberos Authentication Service advanced audit policy setting.
7.06 Audit Kerberos Service Ticket Operations
Determines the desired value for the Audit Kerberos Service Ticket Operations advanced audit policy setting.
7.07 Audit Other Account Logon Events
The desired value for the Audit Other Account Logon Events advanced audit policy setting.
7.08 Audit Application Group Management
The desired value for the Audit Application Group Management advanced audit policy setting.
7.10 Audit Distribution Group Management
The desired value for the Audit Distribution Group Management advanced audit policy setting.
7.11 Audit Other Account Management Events
The desired value for the Audit Other Account Management Events advanced audit policy setting.
7.12 Audit Security Group Management
The desired value for the Audit Security Group Management advanced audit policy setting.
7.13 Audit User Account Management
The desired value for the Audit User Account Management advanced audit policy setting.
7.14 Audit DPAPI Activity
The desired value for the Audit DPAPI Activity advanced audit policy setting.
7.15 Audit PNP Activity
The desired value for the Audit PNP Activity advanced audit policy setting. This setting only applies to Windows 10, Windows Server 2016 and above.
7.16 Audit Process Creation
The desired value for the Audit Process Creation advanced audit policy setting.
7.17 Audit Process Termination
The desired value for the Audit Process Termination advanced audit policy setting.
7.18 Audit RPC Events
The desired value for the Audit RPC Events advanced audit policy setting.
7.19 Audit Detailed Directory Service Replication
The desired value for the Audit Detailed Directory Service Replication advanced audit policy setting. This only applies to domain controllers.
7.20 Audit Directory Service Access
The desired value for the Audit Directory Service Access advanced audit policy setting. This only applies to domain controllers.
7.21 Audit Directory Service Changes
The desired value for the Audit Directory Service Changes advanced audit policy setting. This only applies to domain controllers.
7.22 Audit Directory Service Replication
The desired value for the Audit Directory Service Replication advanced audit policy setting. This only applies to domain controllers.
7.23 Audit Account Lockout
The desired value for the Audit Account Lockout advanced audit policy setting.
7.24 Audit Group Membership
The desired value for the Audit Group Membership advanced audit policy setting. This setting only applies to Windows 10, Windows Server 2016 and above.
7.25 Audit IPsec Extended Mode
The desired value for the Audit IPsec Extended Mode advanced audit policy setting.
7.26 Audit IPsec Main Mode
The desired value for the Audit IPsec Main Mode advanced audit policy setting.
7.27 Audit IPsec Quick Mode
The desired value for the Audit IPsec Quick Mode advanced audit policy setting.
7.28 Audit Logoff
The desired value for the Audit Logoff advanced audit policy setting.
7.29 Audit Logon
The desired value for the Audit Logon advanced audit policy setting.
7.30 Audit Network Policy Server
The desired value for the Audit Network Policy Server advanced audit policy setting.
7.31 Audit Other Logon/Logoff Events
The desired value for the Audit Other Logon/Logoff Events advanced audit policy setting.
7.32 Audit Special Logon
The desired value for the Audit Special Logon advanced audit policy setting.
7.33 Audit User / Device Claims
The desired value for the Audit User / Device Claims advanced audit policy setting. This setting only applies to Windows 8, Windows Server 2012 and above.
7.34 Audit Application Generated
The desired value for the Audit Application Generated advanced audit policy setting.
7.35 Audit Central Access Policy Staging
The desired value for the Audit Central Access Policy Staging advanced audit policy setting. This setting only applies to Windows 8, Windows Server 2012 and above.
7.36 Audit Certification Services
The desired value for the Audit Certification Services advanced audit policy setting.
7.37 Audit Detailed File Share
The desired value for the Audit Detailed File Share advanced audit policy setting.
7.38 Audit File Share
The desired value for the Audit File Share advanced audit policy setting.
7.39 Audit File System
The desired value for the Audit File System advanced audit policy setting.
7.40 Audit Filtering Platform Connection
The desired value for the Audit Filtering Platform Connection advanced audit policy setting.
7.41 Audit Filtering Platform Packet Drop
The desired value for the Audit Filtering Platform Packet Drop advanced audit policy setting.
7.42 Audit Handle Manipulation
The desired value for the Audit Handle Manipulation advanced audit policy setting.
7.43 Audit Kernel Object
The desired value for the Audit Kernel Object advanced audit policy setting.
7.44 Audit Other Object Access Events
The desired value for the Audit Other Object Access Events advanced audit policy setting.
7.45 Audit Registry
The desired value for the Audit Registry advanced audit policy setting.
7.46 Audit Removable Storage
The desired value for the Audit Removable Storage advanced audit policy setting. This setting only applies to Windows 8, Windows Server 2012 and above.
7.47 Audit SAM
The desired value for the Audit SAM advanced audit policy setting.
7.48 Audit Audit Policy Change
The desired value for the Audit Audit Policy Change advanced audit policy setting.
7.49 Audit Authentication Policy Change
The desired value for the Audit Authentication Policy Change advanced audit policy setting.
7.50 Audit Authorization Policy Change
The desired value for the Audit Authorization Policy Change advanced audit policy setting.
7.51 Audit Filtering Platform Policy Change
The desired value for the Audit Filtering Platform Policy Change advanced audit policy setting.
7.52 Audit MPSSVC Rule-Level Policy Change
The desired value for the Audit MPSSVC Rule-Level Policy Change advanced audit policy setting.
7.53 Audit Other Policy Change Events
The desired value for the Audit Other Policy Change Events advanced audit policy setting.
7.54 Audit Non Sensitive Privilege Use
The desired value for the Audit Non Sensitive Privilege Use advanced audit policy setting.
7.55 Audit Other Privilege Use Events
The desired value for the Audit Other Privilege Use Events advanced audit policy setting.
7.56 Audit Sensitive Privilege Use
The desired value for the Audit Sensitive Privilege Use advanced audit policy setting.
7.57 Audit IPsec Driver
The desired value for the Audit IPsec Driver advanced audit policy setting.
7.58 Audit Other System Events
The desired value for the Audit Other System Events advanced audit policy setting.
7.59 Audit Security State Change
The desired value for the Audit Security State Change advanced audit policy setting.
7.60 Audit Security System Extension
The desired value for the Audit Security System Extension advanced audit policy setting.
7.61 Audit System Integrity
The desired value for the Audit System Integrity advanced audit policy setting.
Return Warning For Additional Auditing
Determines whether a warning result is returned if the Windows machine is configured to audit additional events beyond the desired value.
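The comparison described above (a single desired audit type against a machine set to "Success and Failure", and the "Return Warning For Additional Auditing" switch) can be sketched as follows. This is an added example, not code from the product this page documents. The function name `Test-AuditSetting`, the `Pass`/`Fail` result labels, the desired values and the sample report are assumptions constructed for illustration.

```powershell
# Constructed sample in the CSV layout produced by: auditpol /get /category:* /r
$report = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},Success and Failure,
HOST01,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},Success and Failure,
HOST01,System,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030},No Auditing,
HOST01,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,
'@

# Hypothetical helper: compares one desired value with the value read from the machine.
function Test-AuditSetting {
    param([string]$Desired, [string]$Actual, [bool]$WarnOnAdditional = $true)
    # No data collected for this setting (assumed to map to "Unknown").
    if ([string]::IsNullOrEmpty($Actual)) { return 'Unknown' }
    $types   = 'Success', 'Failure'
    # "Success and Failure" yields both types, "No Auditing" yields none.
    $want    = @($types | Where-Object { $Desired -like "*$_*" })
    $have    = @($types | Where-Object { $Actual  -like "*$_*" })
    $missing = @($want | Where-Object { $_ -notin $have })
    $extra   = @($have | Where-Object { $_ -notin $want })
    # A desired audit type that is not being audited is treated as a failure (assumption).
    if ($missing.Count) { return 'Fail' }
    # More auditing than desired: warn only when the switch is on.
    if ($extra.Count -and $WarnOnAdditional) { return 'Warning' }
    return 'Pass'
}

# Constructed desired values for illustration only (not Microsoft's recommendations).
$desired = @{
    'Credential Validation' = 'Success and Failure'
    'Process Creation'      = 'Success'
    'Account Lockout'       = 'Failure'
    'Logoff'                = 'Success'
}

# Index the report by subcategory name, then evaluate each desired setting.
$actual = @{}
$report | ConvertFrom-Csv | ForEach-Object { $actual[$_.Subcategory] = $_.'Inclusion Setting' }

foreach ($name in ($desired.Keys | Sort-Object)) {
    [pscustomobject]@{
        Subcategory = $name
        Desired     = $desired[$name]
        Actual      = $actual[$name]
        Result      = Test-AuditSetting -Desired $desired[$name] -Actual $actual[$name]
    }
}
```

On a live machine, replace the here-string with the output of `auditpol /get /category:* /r` run from an elevated prompt.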