Check Advanced Audit Policy Settings
Determine whether a setting is configured locally or using Group Policy and, if it has been configured using Group Policy, find out which policy is effective in applying this setting.
View all the policy settings retrieved by XIA Configuration below.
Show details
Account Logon
- Credential Validation
- Kerberos Authentication Service
- Kerberos Service Ticket Operations
- Other Account Logon Events
Account Management
- Application Group Management
- Computer Account Management
- Distribution Group Management
- Other Account Management Events
- Security Group Management
- User Account Management
Detailed Tracking
- DPAPI Activity
- Process Creation
- Process Termination
- RPC Events
DS Access
- Subcategory
- Detailed Directory Service Replication
- Directory Service Access
- Directory Service Changes
- Directory Service Replication
Logon/Logoff
- Account Lockout
- IPsec Extended Mode
- IPsec Main Mode
- IPsec Quick Mode
- Logoff
- Logon
- Network Policy Server
- Other Logon/Logoff Events
- Special Logon
- User / Device Claims
Object Access
- Application Generated
- Central Policy Staging
- Certification Services
- Detailed File Share
- File Share
- File System
- Filtering Platform Connection
- Filtering Platform Packet Drop
- Handle Manipulation
- Kernel Object
- Other Object Access Events
- Registry
- Removable Storage
- SAM
Policy Change
- Audit Policy Change
- Authentication Policy Change
- Authorization Policy Change
- Filtering Platform Policy Change
- MPSSVC Rule-Level Policy Change
- Other Policy Change Events
Privilege Use
- Non Sensitive Privilege Use
- Other Privilege Use Events
- Sensitive Privilege Use
System
- IPsec Driver
- Other System Events
- Security State Change
- Security System Extension
- System Integrity
Advanced Audit Policy in Windows 7, Windows Server 2008 R2 and above increase the nine basic audit categories available in previous versions of Windows helping with audit compliance and security monitoring.