I have been trying to set Advance Audit Policy to our servers through GPO but they are not getting applied. I have already set Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. to Enabled and also appears in RSOP.msc of the servers. The audit policies are not getting applied however. I ran auditpol.exe /clear and then ran gpupdate /force. Now when I check with auditpol.exe /get /category:* almost all appear as No Auditing.
We are monitoring servers in Azure Security Center and it is recommending us to enable certain Audit policies to be ISO 27001 compliant. But these policies are not getting applied. Please let me know what is the problem here, I will list the audit policies below. The correct GPO is also applied so no question their.
Ensure 'Audit Credential Validation' is set to 'Success and Failure'
Ensure 'Audit Removable Storage' is set to 'Success and Failure'
Ensure 'Audit PNP Activity' is set to 'Success'
Ensure 'Audit Security System Extension' is set to 'Success'
Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
Ensure 'Audit User Account Management' is set to 'Success and Failure'
Audit MPSSVC Rule-Level Policy Change
Audit Other Object Access Events