XIA Configuration

Advanced Audit Policy Configuration

Document your advanced audit policy configuration

  Download Free 30-Day Trial   View Sample Documentation

Document Windows Advanced Audit Policy configuration across your environment with XIA Configuration. Use the reporting feature to compare server configuration and the PDF export option to generate up to date documentation.

Windows PowerShell remoting is used to gather information from remote machines so you don't have to install any agents.

To see all the Windows settings supported by XIA Configuration, navigate up to Windows.

Determine whether a setting is configured locally or using Group Policy and, if it has been configured using Group Policy, find out which policy is effective in applying this setting.

Screenshot of Advanced Audit Policy settings in the XIA Configuration web interface
Screenshot of Advanced Audit Policy settings in the XIA Configuration web interface

Information documented by XIA Configuration

The following category or subcategory information is retrieved:

NOTE: Not all subcategories are available on all operating systems

Advanced Audit Policy Configuration

Advanced Audit Policy in Windows 7, Windows Server 2008 R2 and above increase the nine basic audit categories available in previous versions of Windows helping with audit compliance and security monitoring.

Account Logon

  • Credential Validation
  • Kerberos Authentication Service
  • Kerberos Service Ticket Operations
  • Other Account Logon Events

Account Management

  • Application Group Management
  • Computer Account Management
  • Distribution Group Management
  • Other Account Management Events
  • Security Group Management
  • User Account Management

Detailed Tracking

  • DPAPI Activity
  • Process Creation
  • Process Termination
  • RPC Events

DS Access

  • Subcategory
  • Detailed Directory Service Replication
  • Directory Service Access
  • Directory Service Changes
  • Directory Service Replication


  • Account Lockout
  • IPsec Extended Mode
  • IPsec Main Mode
  • IPsec Quick Mode
  • Logoff
  • Logon
  • Network Policy Server
  • Other Logon/Logoff Events
  • Special Logon
  • User / Device Claims

Object Access

  • Application Generated
  • Central Policy Staging
  • Certification Services
  • Detailed File Share
  • File Share
  • File System
  • Filtering Platform Connection
  • Filtering Platform Packet Drop
  • Handle Manipulation
  • Kernel Object
  • Other Object Access Events
  • Registry
  • Removable Storage
  • SAM

Policy Change

  • Audit Policy Change
  • Authentication Policy Change
  • Authorization Policy Change
  • Filtering Platform Policy Change
  • MPSSVC Rule-Level Policy Change
  • Other Policy Change Events

Privilege Use

  • Non Sensitive Privilege Use
  • Other Privilege Use Events
  • Sensitive Privilege Use


  • IPsec Driver
  • Other System Events
  • Security State Change
  • Security System Extension
  • System Integrity

For more information about Windows, please view the Windows page.

Try documenting advanced audit policy configuration for free