2.1 KiB
title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, author
| title | description | ms.assetid | ms.prod | ms.mktglfcycl | ms.sitesec | author |
|---|---|---|---|---|---|---|
| Audit Authorization Policy Change (Windows 10) | This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy. | ca0587a2-a2b3-4300-aa5d-48b4553c3b36 | W10 | deploy | library | brianlic-msft |
Audit Authorization Policy Change
Applies to
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
Authorization policy changes that can be audited include:
-
Assigning or removing user rights (privileges) such as SeCreateTokenPrivilege, except for the system access rights that are audited by using the Audit Authentication Policy Change subcategory.
-
Changing the Encrypting File System (EFS) policy.
Event volume: Low
Default: Not configured
| Event ID | Event message |
|---|---|
4704 |
A user right was assigned. |
4705 |
A user right was removed. |
4706 |
A new trust was created to a domain. |
4707 |
A trust to a domain was removed. |
4714 |
Encrypted data recovery policy was changed. |
Related topics
Advanced security audit policy settings