mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
Updated for 5358843-files-1to25
This commit is contained in:
Ashok Lobo
@ -14,16 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Advanced security audit policy settings
|
# Advanced security audit policy settings
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows 11
|
|
||||||
|
|
||||||
This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
|
This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
|
||||||
|
|
||||||
The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
|
The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
|
||||||
|
|||||||
@ -15,13 +15,12 @@ metadata:
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
|
|
||||||
title: Advanced security auditing FAQ
|
title: Advanced security auditing FAQ
|
||||||
summary: |
|
summary: |
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
|
|
||||||
This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
|
This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
|
||||||
|
|
||||||
|
|||||||
@ -14,15 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/6/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Advanced security audit policies
|
# Advanced security audit policies
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
|
|
||||||
Advanced security audit policy settings are found in **Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently.
|
Advanced security audit policy settings are found in **Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently.
|
||||||
When you apply basic audit policy settings to the local computer by using the Local Security Policy snap-in, you are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe. In Windows 7 and later, advanced security audit policies can be controlled by using Group Policy.
|
When you apply basic audit policy settings to the local computer by using the Local Security Policy snap-in, you are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe. In Windows 7 and later, advanced security audit policies can be controlled by using Group Policy.
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# Appendix A: Security monitoring recommendations for many audit events
|
# Appendix A: Security monitoring recommendations for many audit events
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
This document, the [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) reference, provides information about individual audit events, and lists them within audit categories and subcategories. However, there are many events for which the following overall recommendations apply. There are links throughout this document from the “Recommendations” sections of the relevant events to this appendix.
|
This document, the [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) reference, provides information about individual audit events, and lists them within audit categories and subcategories. However, there are many events for which the following overall recommendations apply. There are links throughout this document from the “Recommendations” sections of the relevant events to this appendix.
|
||||||
|
|
||||||
|
|||||||
@ -14,15 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 07/25/2018
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Apply a basic audit policy on a file or folder
|
# Apply a basic audit policy on a file or folder
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
|
|
||||||
You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
|
You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
|
||||||
|
|
||||||
To complete this procedure, you must be signed in as a member of the built-in Administrators group or have **Manage auditing and security log** rights.
|
To complete this procedure, you must be signed in as a member of the built-in Administrators group or have **Manage auditing and security log** rights.
|
||||||
|
|||||||
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 07/16/2018
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Account Lockout
|
# Audit Account Lockout
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
|
Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
|
||||||
|
|
||||||
If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out.
|
If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out.
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Application Generated
|
# Audit Application Generated
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
Audit Application Generated generates events for actions related to Authorization Manager [applications](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770563(v=ws.11)).
|
Audit Application Generated generates events for actions related to Authorization Manager [applications](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770563(v=ws.11)).
|
||||||
|
|
||||||
Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)) is very rarely in use and it is deprecated starting from Windows Server 2012.
|
Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)) is very rarely in use and it is deprecated starting from Windows Server 2012.
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Application Group Management
|
# Audit Application Group Management
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
Audit Application Group Management generates events for actions related to [application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)), such as group creation, modification, addition or removal of group member and some other actions.
|
Audit Application Group Management generates events for actions related to [application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)), such as group creation, modification, addition or removal of group member and some other actions.
|
||||||
|
|
||||||
[Application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)) are used by [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)).
|
[Application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)) are used by [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)).
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Audit Policy Change
|
# Audit Audit Policy Change
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Audit Policy Change determines whether the operating system generates audit events when changes are made to audit policy.
|
Audit Audit Policy Change determines whether the operating system generates audit events when changes are made to audit policy.
|
||||||
|
|
||||||
|
|||||||
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Authentication Policy Change
|
# Audit Authentication Policy Change
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Authentication Policy Change determines whether the operating system generates audit events when changes are made to authentication policy.
|
Audit Authentication Policy Change determines whether the operating system generates audit events when changes are made to authentication policy.
|
||||||
|
|
||||||
Changes made to authentication policy include:
|
Changes made to authentication policy include:
|
||||||
|
|||||||
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Authorization Policy Change
|
# Audit Authorization Policy Change
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
|
Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
|
||||||
|
|
||||||
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|
||||||
|
|||||||
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Central Access Policy Staging
|
# Audit Central Access Policy Staging
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Central Access Policy Staging allows you to audit access requests where a permission granted or denied by a proposed policy differs from the current central access policy on an object.
|
Audit Central Access Policy Staging allows you to audit access requests where a permission granted or denied by a proposed policy differs from the current central access policy on an object.
|
||||||
|
|
||||||
If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event is generated as follows:
|
If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event is generated as follows:
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Certification Services
|
# Audit Certification Services
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
Audit Certification Services determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
|
Audit Certification Services determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
|
||||||
|
|
||||||
Examples of AD CS operations include:
|
Examples of AD CS operations include:
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Computer Account Management
|
# Audit Computer Account Management
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
|
Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Credential Validation
|
# Audit Credential Validation
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Credential Validation determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
|
Audit Credential Validation determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Detailed Directory Service Replication
|
# Audit Detailed Directory Service Replication
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
|
Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Detailed File Share
|
# Audit Detailed File Share
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Detailed File Share allows you to audit attempts to access files and folders on a shared folder.
|
Audit Detailed File Share allows you to audit attempts to access files and folders on a shared folder.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Directory Service Access
|
# Audit Directory Service Access
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
|
Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Directory Service Changes
|
# Audit Directory Service Changes
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Directory Service Changes determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
|
Audit Directory Service Changes determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Directory Service Replication
|
# Audit Directory Service Replication
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Directory Service Replication determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
|
Audit Directory Service Replication determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
|
||||||
|
|
||||||
|
|||||||
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Distribution Group Management
|
# Audit Distribution Group Management
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
Audit Distribution Group Management determines whether the operating system generates audit events for specific distribution-group management tasks.
|
Audit Distribution Group Management determines whether the operating system generates audit events for specific distribution-group management tasks.
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit DPAPI Activity
|
# Audit DPAPI Activity
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit [DPAPI](/previous-versions/ms995355(v=msdn.10)) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](/previous-versions/ms995355(v=msdn.10))).
|
Audit [DPAPI](/previous-versions/ms995355(v=msdn.10)) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](/previous-versions/ms995355(v=msdn.10))).
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit File Share
|
# Audit File Share
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks.
|
Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks.
|
||||||
|
|
||||||
|
|||||||
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit File System
|
# Audit File System
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> For more details about applicability on older operating system versions, read the article [Audit File System](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)).
|
> For more details about applicability on older operating system versions, read the article [Audit File System](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)).
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Filtering Platform Connection
|
# Audit Filtering Platform Connection
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Filtering Platform Connection determines whether the operating system generates audit events when connections are allowed or blocked by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
|
Audit Filtering Platform Connection determines whether the operating system generates audit events when connections are allowed or blocked by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
|
||||||
|
|
||||||
|
|||||||
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/06/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audit Filtering Platform Packet Drop
|
# Audit Filtering Platform Packet Drop
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
|
Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user