Basic security audit policy settings
Basic security audit policy settings are found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.
In this section
| Topic | Description |
|---|---|
| Audit account logon events | Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. |
| Audit account management | Determines whether to audit each event of account management on a device. |
| Audit directory service access | Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. |
| Audit logon events | Determines whether to audit each instance of a user logging on to or logging off from a device. |
| Audit object access | Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. |
| Audit policy change | Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. |
| Audit privilege use | Determines whether to audit each instance of a user exercising a user right. |
| Audit process tracking | Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. |
| Audit system events | Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. |