Share via


Audit Application Generated

 

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).

The following events can generate audit activity:

  • Creation, deletion, or initialization of an application client context

  • Application operations

Applications that are designed to use the Windows Auditing APIs can use this subcategory to log auditing events that are related to those APIs. The level, volume, relevance, and importance of these audit events depend on the application that generates them. The operating system logs the events as they are generated by the application.

Event volume: Depends on the installed application's use of Windows Auditing

Default: Not configured

If this policy setting is configured, the following events appear on computers running the supported versions of the Windows operating system as designated in the Applies to list at the beginning of this topic, in addition to Windows Server 2008 and Windows Vista.

Event ID

Event message

4665

An attempt was made to create an application client context.

4666

An application attempted an operation:

4667

An application client context was deleted.

4668

An application was initialized.

Advanced Security Audit Policy Settings