deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 01:57:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-application-generated.md
Brian Lich 6d38dc68b7 refreshing conversion test build
2016-03-21 11:28:01 -07:00

78 lines
2.2 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Audit Application Generated (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: brianlic-msft
---
# Audit Application Generated
**Applies to**
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Application Generated**, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
The following events can generate audit activity:
- Creation, deletion, or initialization of an application client context
- Application operations
Applications that are designed to use the Windows Auditing APIs can use this subcategory to log auditing events that are related to those APIs. The level, volume, relevance, and importance of these audit events depend on the application that generates them. The operating system logs the events as they are generated by the application.
Event volume: Depends on the installed app's use of the Windows Auditing APIs
Default: Not configured
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Event ID</th>
<th align="left">Event message</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>4665</p></td>
<td align="left"><p>An attempt was made to create an application client context.</p></td>
</tr>
<tr class="even">
<td align="left"><p>4666</p></td>
<td align="left"><p>An application attempted an operation:</p></td>
</tr>
<tr class="odd">
<td align="left"><p>4667</p></td>
<td align="left"><p>An application client context was deleted.</p></td>
</tr>
<tr class="even">
<td align="left"><p>4668</p></td>
<td align="left"><p>An application was initialized.</p></td>
</tr>
</tbody>
</table>
 
## Related topics
[Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
 
 
Reference in New Issue View Git Blame Copy Permalink