Share via


Advanced Audit Policy Configuration

 

Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This reference for the IT professional provides information about one collection of auditing settings which were introduced in Windows Server 2008 R2 and Windows 7, and the audit events that they generate.

The security audit policy settings under Security Settings\Advanced Audit Policy Configuration can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:

  • A group administrator has modified settings or data on servers that contain finance information.

  • An employee within a defined group has accessed an important file.

  • The correct system access control list (SACL) is applied to every file and folder or registry key on a computer or file share as a verifiable safeguard against undetected access.

These settings allow you to select only the behaviors that you want to monitor and exclude audit results for other behaviors. In addition, because security audit policies can be applied by using domain Group Policy, audit policy settings can be modified, tested, and deployed to selected users and groups.

Audit policy settings under Security Settings\Advanced Audit Policy Configuration are available in the following categories:

See Also

Which Editions of Windows Support Advanced Audit Policy Configuration