Share via


Basic security audit policy settings

Basic security audit policy settings are found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy.

In this section

Topic Description
Audit account logon events Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.
Audit account management Determines whether to audit each event of account management on a device.
Audit directory service access Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
Audit logon events Determines whether to audit each instance of a user logging on to or logging off from a device.
Audit object access Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
Audit policy change Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
Audit privilege use Determines whether to audit each instance of a user exercising a user right.
Audit process tracking Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
Audit system events Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.