Policy Change

Applies To: Windows 7, Windows Server 2008 R2

Policy Change audit events allow you to track changes to important security policies on a local system or network. Because policies are typically established by administrators to help secure network resources, any changes or attempts to change these policies can be an important aspect of security management for a network. This category includes the following subcategories:

• Audit Audit Policy Change

• Audit Authentication Policy Change

• Audit Authorization Policy Change

• Audit Filtering Platform Policy Change

• Audit MPSSVC Rule-Level Policy Change

• Audit Other Policy Change Events

For more information about audit events that are generated by Policy Change audit settings in Windows Server 2008 R2 and Windows 7, see Security Audit Events for Windows 7 and Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkId=157780).