XIA Configuration

Check Advanced Audit Policy Configuration

Check your advanced audit policy settings comply with security standards

Check your Advanced Audit Policy settings comply with security standards across all your Windows machines with XIA Configuration.

Use the built-in compliance benchmark to expose Windows machines that do not meet your security requirements.

Screenshot of the Audit Settings compliance benchmark results in the XIA Configuration web interface
Screenshot of the Audit Settings compliance benchmark results in the XIA Configuration web interface

XIA Configuration has a non-intrusive architecture with agentless data collection and PowerShell support.

Advanced Audit Policy Audit and Documentation

XIA Configuration automates the retrieval of Advanced Audit Policy settings across all your Windows machines.

Screenshot of Advanced Audit Policy settings in the XIA Configuration web interface
Screenshot of Advanced Audit Policy settings in the XIA Configuration web interface

Assess Advanced Audit Policy Settings

Determine whether a setting is configured locally or using Group Policy and, if it has been configured using Group Policy, find out which policy is effective in applying this setting.

View all the policy settings retrieved by XIA Configuration below.

Show Details

Account Logon

  • Credential Validation
  • Kerberos Authentication Service
  • Kerberos Service Ticket Operations
  • Other Account Logon Events

Account Management

  • Application Group Management
  • Computer Account Management
  • Distribution Group Management
  • Other Account Management Events
  • Security Group Management
  • User Account Management

Detailed Tracking

  • DPAPI Activity
  • Process Creation
  • Process Termination
  • RPC Events

DS Access

  • Subcategory
  • Detailed Directory Service Replication
  • Directory Service Access
  • Directory Service Changes
  • Directory Service Replication

Logon/Logoff

  • Account Lockout
  • IPsec Extended Mode
  • IPsec Main Mode
  • IPsec Quick Mode
  • Logoff
  • Logon
  • Network Policy Server
  • Other Logon/Logoff Events
  • Special Logon
  • User / Device Claims

Object Access

  • Application Generated
  • Central Policy Staging
  • Certification Services
  • Detailed File Share
  • File Share
  • File System
  • Filtering Platform Connection
  • Filtering Platform Packet Drop
  • Handle Manipulation
  • Kernel Object
  • Other Object Access Events
  • Registry
  • Removable Storage
  • SAM

Policy Change

  • Audit Policy Change
  • Authentication Policy Change
  • Authorization Policy Change
  • Filtering Platform Policy Change
  • MPSSVC Rule-Level Policy Change
  • Other Policy Change Events

Privilege Use

  • Non Sensitive Privilege Use
  • Other Privilege Use Events
  • Sensitive Privilege Use

System

  • IPsec Driver
  • Other System Events
  • Security State Change
  • Security System Extension
  • System Integrity
Advanced Audit Policy in Windows 7, Windows Server 2008 R2 and above increase the nine basic audit categories available in previous versions of Windows helping with audit compliance and security monitoring.

To see all the Windows settings supported by XIA Configuration, navigate up to Windows.

Try checking your advanced audit policy configuration for free