2.2.1.1 Policy Target
This section defines the possible values for the PolicyTarget attribute, which enables an administrator to specify whether to set the audit subcategory for a system advanced audit policy or a specific user. The syntax for the entries in this category MUST be as follows.
-
PolicyTarget = "System" / UserSID
The value of PolicyTarget MUST be one of the following:
A value of "System": Indicates that this is a system audit subcategory setting.
A UserSID: Indicates that this is a per-user audit subcategory setting.
UserSID is the string representation of the security identifier (SID) of a user account. The syntax for the entries in this category MUST be as follows.
-
UserSID = String
The UserSID string MUST use the standard S-R-I-S-S... format for SID strings, as specified in [MS-DTYP] (section 2.4.2).<1>