Advanced Audit Policy Configurations not applied when using local GPO on Windows 11

justin goh 5 Reputation points
2024-03-18T07:40:45.7966667+00:00

I am currently configuring CIS hardening for Windows 11. I ran into a problem when configuring the Advanced Audit Policy Configuration in gpedit.exe. When running "gpupdate /force", it occasionally fails to update user policy and gives the following error: "Audit Policy Configuration failed due to an error and failed to log Resultant Set of Policy information." Other times it runs fine when updating computer and user policy, but the policy is not applied, as "gpresult \h" does not show Advanced Audit Configuration results in security settings.


1 answer

  1. Daisy Zhou 21,361 Reputation points Microsoft Vendor
    2024-03-19T02:20:33.5033333+00:00

    Hello justin goh,

    Thank you for posting in the Q&A forum.

    Is this machine in a domain or in a workgroup? It seems this machine is in a domain.

    There are two locations where we can configure the audit policies:

    Security Settings\Local Policies\Audit Policy

    Security Settings\Advanced Audit Policy Configuration\System Audit Policies

    Once we use the Advanced Audit Policy on the system, the legacy audit policies will no longer be used by this system.

    Generally, we can check whether the GPOs are applied via gpresult. But it is not a suitable or accurate way to check the audit policies. We can check the result of applying the audit policies via the auditpol command:

    auditpol /get /category:* >c:\filename.txt

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

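
The auditpol check from the answer above, extended into a baseline comparison (an added example, not part of the original thread). It uses auditpol's `/r` switch for CSV output instead of redirecting the text report. The function name `Compare-AuditPolicy`, the three-entry baseline, and the sample CSV rows (including the zeroed GUIDs) are constructed for illustration and are not CIS benchmark values.

```powershell
# Constructed sample baseline: subcategory name -> expected inclusion setting.
# Subcategory names are the English ones; localized Windows builds print translated names.
$expected = @{
    'Credential Validation' = 'Success and Failure'
    'Logon'                 = 'Success and Failure'
    'Process Creation'      = 'Success'
}

# Constructed sample in the column layout of "auditpol /get /category:* /r",
# embedded so the script runs offline. GUIDs are placeholders.
$sampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

PC01,System,Credential Validation,{00000000-0000-0000-0000-000000000000},Success and Failure,
PC01,System,Logon,{00000000-0000-0000-0000-000000000000},Success,
PC01,System,Process Creation,{00000000-0000-0000-0000-000000000000},No Auditing,
'@

function Compare-AuditPolicy {
    param(
        [Parameter(Mandatory)] [string[]]  $CsvLines,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # Drop blank lines before parsing; the first remaining line is the CSV header.
    $rows = $CsvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv

    # Index the effective setting by subcategory name.
    $actual = @{}
    foreach ($r in $rows) { $actual[$r.Subcategory.Trim()] = $r.'Inclusion Setting' }

    # Emit one result object per baseline entry, flagging missing or different settings.
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { '<missing>' }
        [pscustomobject]@{
            Subcategory = $name
            Expected    = $Expected[$name]
            Actual      = $have
            Compliant   = ($have -eq $Expected[$name])
        }
    }
}

# On a real host, from an elevated prompt, use instead:
#   $lines = auditpol /get /category:* /r
$lines = $sampleCsv -split '\r?\n'
Compare-AuditPolicy -CsvLines $lines -Expected $expected | Format-Table -AutoSize
```

Running this after `gpupdate /force` shows the effective subcategory settings on the machine, which is the state the answer recommends checking rather than the gpresult report.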