I ran gpresult to make sure the right GPO is the winning one and compared some audit-related settings to what the GPO has set. For some reason I see that lots of GPO flags are not reflected in local policy. E.g. Object Access is set to Failed in the GPO, yet checking in local policy it has No Auditing set. Same goes for various Advanced audit configurations. What could be causing such deviation and how can this be fixed?
Audit policy is special. Local Security Policy may not be accurate for seeing the 'effective' policy.
Instead, try:
auditpol /get /category:*
https://support.microsoft.com/en-us/topic/2f6a528c-9ef5-8ab5-e3ca-f7856f5bf5fc
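
As an added example (not part of the original thread), the script below reads the effective settings from `auditpol` and compares them with an expected baseline instead of relying on Local Security Policy. The baseline table, the host name and the GUIDs in the sample data are constructed placeholders, and matching by English subcategory name is an assumption.

```powershell
# Save as a .ps1 script. -UseSample parses the constructed data below instead of the live host.
param([switch]$UseSample)

# Hypothetical baseline: subcategory -> setting the GPO is supposed to enforce.
$expected = [ordered]@{
    'File System' = 'Failure'
    'Registry'    = 'Failure'
    'Logon'       = 'Success and Failure'
}

if ($UseSample) {
    # Constructed sample in the CSV layout produced by "auditpol /get /category:* /r".
    $lines = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,File System,{00000000-0000-0000-0000-000000000001},Failure,
HOST01,System,Registry,{00000000-0000-0000-0000-000000000002},No Auditing,
HOST01,System,Logon,{00000000-0000-0000-0000-000000000003},Success and Failure,
'@ -split "`r?`n"
} else {
    # Requires an elevated prompt; /r switches auditpol to CSV report output.
    $lines = auditpol /get /category:* /r
}

# Drop blank lines, then index the effective settings by subcategory name.
$effective = @{}
$lines | Where-Object { $_.Trim() } | ConvertFrom-Csv | ForEach-Object {
    $effective[$_.Subcategory] = $_.'Inclusion Setting'
}

# Report every baseline entry, flagging missing subcategories and mismatches.
$report = foreach ($name in $expected.Keys) {
    $actual = if ($effective.ContainsKey($name)) { $effective[$name] } else { '<not reported>' }
    [pscustomobject]@{
        Subcategory = $name
        Expected    = $expected[$name]
        Effective   = $actual
        Match       = ($actual -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize

# Non-zero exit code when anything deviates, so the check can run from a scheduled task.
if ($report | Where-Object { -not $_.Match }) { exit 1 }
```

With the sample data, the Registry row is reported as a mismatch (expected Failure, effective No Auditing).
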
Hello,
Thank you for your question.
I would like to suggest you open cmd with Run as Admin, and you will see all GPOs being applied and the GPO name which overrides as well.
C:\> gpresult /h c:\temp\gpresult.html
If the reply was helpful, please don’t forget to upvote or accept as answer.
Thanks,
PRAKASH T
Indeed, auditpol shows all the flags set as expected, whereas gpedit doesn't, which is a bit of a shame.