windows-itpro-docs/windows/security/threat-protection/auditing/audit-application-generated.md

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date, ms.technology, ms.topic

title	description	ms.assetid	ms.reviewer	manager	ms.author	ms.pagetype	ms.prod	ms.mktglfcycl	ms.sitesec	ms.localizationpriority	author	ms.date	ms.technology	ms.topic
Audit Application Generated	The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs.	6c58a365-b25b-42b8-98ab-819002e31871		aaroncz	vinpa	security	windows-client	deploy	library	low	vinaypamnani-msft	09/06/2021	itpro-security	reference

Audit Application Generated

Audit Application Generated generates events for actions related to Authorization Manager applications.

Audit Application Generated subcategory is out of scope of this document, because Authorization Manager is very rarely in use and it is deprecated starting from Windows Server 2012.

Computer Type	General Success	General Failure	Stronger Success	Stronger Failure	Comments
Domain Controller	IF	IF	IF	IF	IF – if you use Authorization Manager in your environment and you need to monitor events related to Authorization Manager applications, enable this subcategory.
Member Server	IF	IF	IF	IF	IF – if you use Authorization Manager in your environment and you need to monitor events related to Authorization Manager applications, enable this subcategory.
Workstation	IF	IF	IF	IF	IF – if you use Authorization Manager in your environment and you need to monitor events related to Authorization Manager applications, enable this subcategory.

Events List:

• 4665: An attempt was made to create an application client context.

• 4666: An application attempted an operation.

• 4667: An application client context was deleted.

• 4668: An application was initialized.