Share via


Audit Other Policy Change Events

Applies To: Windows 7, Windows Server 2008 R2

This security policy setting determines whether the operating system generates events for security policy changes that are not otherwise audited in the Policy Change category, such as the following:

  • Trusted Platform Module (TPM) configuration changes.

  • Kernel-mode cryptographic self tests.

  • Cryptographic provider operations.

  • Cryptographic context operations or modifications.

Event volume: Low

Default: Not configured

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

Event ID Event message

4670

Permissions on an object were changed.

4909

The local policy settings for the TBS were changed.

4910

The group policy settings for the TBS were changed.

5063

A cryptographic provider operation was attempted.

5064

A cryptographic context operation was attempted.

5065

A cryptographic context modification was attempted.

5066

A cryptographic function operation was attempted.

5067

A cryptographic function modification was attempted.

5068

A cryptographic function provider operation was attempted.

5069

A cryptographic function property operation was attempted.

5070

A cryptographic function property modification was attempted.

5447

A Windows Filtering Platform filter has been changed.

6144

Security policy in the group policy objects has been applied successfully.

6145

One or more errors occurred while processing security policy in the group policy objects.