Share via



Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8

Displays information about and performs functions to manipulate audit policies.

For examples of how this command can be used, see the Examples section in each topic.


Auditpol command [<sub-command><options>]





Displays the current audit policy.

See Auditpol get for syntax and options.


Sets the audit policy.

See Auditpol set for syntax and options.


Displays selectable policy elements.

See Auditpol list for syntax and options.


Saves the audit policy to a file.

See Auditpol backup for syntax and options.


Restores the audit policy from a file that was previously created by using auditpol /backup.

See Auditpol restore for syntax and options.


Clears the audit policy.

See Auditpol clear for syntax and options.


Removes all per-user audit policy settings and disables all system audit policy settings.

See Auditpol remove for syntax and options.


Configures global resource system access control lists (SACLs).


Applies only to Windows 7 and Windows Server 2008 R2.

See Auditpol resourceSACL.


Displays help at the command prompt.


The audit policy command-line tool can be used to:

  • Set and query a system audit policy.

  • Set and query a per-user audit policy.

  • Set and query auditing options.

  • Set and query the security descriptor used to delegate access to an audit policy.

  • Report or back up an audit policy to a comma-separated value (CSV) text file.

  • Load an audit policy from a CSV text file.

  • Configure global resource SACLs.

Additional references

Command-Line Syntax Key