fixing merge conflicts

2025-06-21 21:33:38 +00:00 · 2016-06-02 15:19:58 -07:00
parent 41aa33c7c2 6db675a76f
commit 5e5d121d83
527 changed files with 31450 additions and 1691 deletions
--- a/windows/keep-secure/audit-application-generated.md
+++ b/windows/keep-secure/audit-application-generated.md
@ -2,39 +2,41 @@
 title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
+<<<<<<< HEAD
 ms.prod: w10
+=======
+ms.pagetype: security
+ms.prod: W10
+>>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.pagetype: security
-author: brianlic-msft
+author: Mir0sh
 ---

 # Audit Application Generated

 **Applies to**
-   Windows 10
+-   Windows 10
+-   Windows Server 2016

-This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Application Generated**, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).

-The following events can generate audit activity:
+Audit Application Generated generates events for actions related to Authorization Manager [applications](https://technet.microsoft.com/en-us/library/cc770563.aspx).

-   Creation, deletion, or initialization of an application client context
-   Application operations
+Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](https://technet.microsoft.com/en-us/library/cc726036.aspx) is very rarely in use and it is deprecated starting from Windows Server 2012.

-Applications that are designed to use the Windows Auditing APIs can use this subcategory to log auditing events that are related to those APIs. The level, volume, relevance, and importance of these audit events depend on the application that generates them. The operating system logs the events as they are generated by the application.
+| Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                   |
+|-------------------|-----------------|-----------------|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Domain Controller | IF              | IF              | IF               | IF               | IF – if you use [Authorization Manager](https://technet.microsoft.com/en-us/library/cc726036.aspx) in your environment and you need to monitor events related to Authorization Manager [applications](https://technet.microsoft.com/en-us/library/cc770563.aspx), enable this subcategory. |
+| Member Server     | IF              | IF              | IF               | IF               | IF – if you use [Authorization Manager](https://technet.microsoft.com/en-us/library/cc726036.aspx) in your environment and you need to monitor events related to Authorization Manager [applications](https://technet.microsoft.com/en-us/library/cc770563.aspx), enable this subcategory. |
+| Workstation       | IF              | IF              | IF               | IF               | IF – if you use [Authorization Manager](https://technet.microsoft.com/en-us/library/cc726036.aspx) in your environment and you need to monitor events related to Authorization Manager [applications](https://technet.microsoft.com/en-us/library/cc770563.aspx), enable this subcategory. |

-Event volume: Depends on the installed app's use of the Windows Auditing APIs
+**Events List:**

-Default: Not configured
+## 4665: An attempt was made to create an application client context.

-| Event ID | Event message |
-| - | - |
-| 4665 | An attempt was made to create an application client context. |
-| 4666 | An application attempted an operation: | 
-| 4667 | An application client context was deleted. |
- 
-## Related topics
+## 4666: An application attempted an operation.
+
+## 4667: An application client context was deleted.
+
+## 4668: An application was initialized.

- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
- 
-