Share via


Audit Application Group Management

 

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.

Application group management tasks include:

  • An application group is created, changed, or deleted.

  • A member is added to or removed from an application group.

Event volume: Low

Default: Not configured

If this policy setting is configured, the following events appear on computers running the supported versions of the Windows operating system as designated in the Applies To list at the beginning of this topic, in addition to Windows Server 2008 and Windows Vista.

Event ID

Event message

4783

A basic application group was created.

4784

A basic application group was changed.

4785

A member was added to a basic application group.

4786

A member was removed from a basic application group.

4787

A non-member was added to a basic application group.

4788

A non-member was removed from a basic application group.

4789

A basic application group was deleted.

4790

An LDAP query group was created.

Advanced Security Audit Policy Settings