reversed failure audit desc

2025-05-14 06:17:22 +00:00 · 2019-02-28 16:11:10 -08:00 · 2019-02-28 16:11:10 -08:00 · b35ad6e48f
commit b35ad6e48f
parent fc1dbf54c4
2 changed files with 6 additions and 6 deletions
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: Mir0sh
-ms.date: 04/19/2017
+ms.date: 02/28/2019
 ---

 # Audit Security Group Management
@ -32,9 +32,9 @@ This subcategory allows you to audit events generated by changes to security gro

 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                         |
 |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
-| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
-| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
+| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.|
+| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.|
+| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.|

 **Events List:**

--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: tedhardyMSFT
-ms.date: 02/16/2018
+ms.date: 02/28/2019
 ms.localizationpriority: medium
 ---

@ -338,7 +338,7 @@ If your organizational audit policy enables additional auditing to meet its need
 | Category           | Subcategory                     | Audit settings      |
 |--------------------|---------------------------------|---------------------|
 | Account Logon      | Credential Validation           | Success and Failure |
-| Account Management | Security Group Management       | Success and Failure |
+| Account Management | Security Group Management       | Success  |
 | Account Management | User Account Management         | Success and Failure |
 | Account Management | Computer Account Management     | Success and Failure |
 | Account Management | Other Account Management Events | Success and Failure |