Audit Computer Account Management
Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
This policy setting is useful for tracking account-related changes to computers that are members of a domain.
Event volume: Low on domain controllers.
This subcategory allows you to audit events generated by changes to computer accounts, such as when a computer account is created, changed, or deleted.
Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
---|---|---|---|---|---|
Domain Controller | Yes | No | Yes | No | We recommend monitoring changes to critical computer objects in Active Directory, such as domain controllers, administrative workstations, and critical servers. It's especially important to be informed if any critical computer account objects are deleted. Additionally, events in this subcategory will give you information about who deleted, created, or modified a computer object, and when the action was taken. Typically, the volume of these events is low on domain controllers. This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
Member Server | No | No | No | No | This subcategory generates events only on domain controllers. |
Workstation | No | No | No | No | This subcategory generates events only on domain controllers. |
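
The following check is an added example, not part of the original page or Microsoft's code: it compares the effective setting reported by `auditpol` with the recommendation in the table above. The function name `Test-ComputerAccountAudit` and the sample row are constructed, and the subcategory name match assumes an English-language system.

```powershell
# Added example (not Microsoft's code). Function name and sample row are constructed.
# Input is the CSV text produced on the machine being checked by:
#   auditpol /get /subcategory:"Computer Account Management" /r
function Test-ComputerAccountAudit {
    param(
        [Parameter(Mandatory)][string]$AuditpolCsv,
        [Parameter(Mandatory)]
        [ValidateSet('Domain Controller', 'Member Server', 'Workstation')]
        [string]$ComputerType
    )
    # auditpol /r can emit blank lines; drop them before parsing the CSV.
    $rows = $AuditpolCsv -split "`r?`n" | Where-Object { $_.Trim() } | ConvertFrom-Csv
    $row  = $rows | Where-Object { $_.Subcategory -eq 'Computer Account Management' }
    if (-not $row) { throw 'Computer Account Management row not found in auditpol output.' }

    $setting        = $row.'Inclusion Setting'   # No Auditing | Success | Failure | Success and Failure
    $successAudited = $setting -like '*Success*'
    # Per the table: Success is recommended only on domain controllers, because
    # the subcategory generates events only there. Failure is never required.
    $successNeeded  = $ComputerType -eq 'Domain Controller'

    [pscustomobject]@{
        Machine        = $row.'Machine Name'
        ComputerType   = $ComputerType
        Setting        = $setting
        SuccessAudited = $successAudited
        Compliant      = (-not $successNeeded) -or $successAudited
        # Remediation to run on the domain controller when Compliant is False.
        Fix            = if ($successNeeded -and -not $successAudited) {
            'auditpol /set /subcategory:"Computer Account Management" /success:enable'
        } else { $null }
    }
}

# Constructed sample: a domain controller where the subcategory is not audited.
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Computer Account Management,{constructed-guid},No Auditing,
'@

Test-ComputerAccountAudit -AuditpolCsv $sample -ComputerType 'Domain Controller' | Format-List
```

On a live domain controller, pass the real output with `(auditpol /get /subcategory:"Computer Account Management" /r | Out-String)` from an elevated session.
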
Events List: