deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-dpapi-activity.md
Brian Lich fa5ddfcf9d changing from ms.prod: W10 to ms.prod: w10
2016-06-02 15:42:37 -07:00

39 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Audit DPAPI Activity (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: Mir0sh
---
# Audit DPAPI Activity
**Applies to**
- Windows 10
- Windows Server 2016
Audit [DPAPI](https://msdn.microsoft.com/en-us/library/ms995355.aspx) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](https://msdn.microsoft.com/en-us/library/ms995355.aspx)).
**Event volume**: Low.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | IF | IF | IF | IF | IF Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. Its mainly used for DPAPI troubleshooting. |
| Member Server | IF | IF | IF | IF | IF Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. Its mainly used for DPAPI troubleshooting. |
| Workstation | IF | IF | IF | IF | IF Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. Its mainly used for DPAPI troubleshooting. |
**Events List:**
- [4692](event-4692.md)(S, F): Backup of data protection master key was attempted.
- [4693](event-4693.md)(S, F): Recovery of data protection master key was attempted.
- [4694](event-4694.md)(S, F): Protection of auditable protected data was attempted.
- [4695](event-4695.md)(S, F): Unprotection of auditable protected data was attempted.
Reference in New Issue View Git Blame Copy Permalink