Audit registry global object access This policy setting allows you to apply a global object access audit policy to the registry ...

Audit registry global object access

This policy setting allows you to apply a global object access audit policy to the registry for an entire computer. This policy setting allows you to demonstrate that every registry object on the computer is protected by an audit policy that is managed from a central location.

This setting applies a global system access control list (SACL) to every registry object. If both a registry SACL and a global SACL are configured on a computer, the effective SACL is derived by combining the registry SACL and the global SACL. This means that an audit event is generated when an activity matches either the registry key SACL or the global SACL.

To configure a global object access policy, you must select Define this policy setting and click Configure to add at least one user or group to the global SACL. You must also enable the Audit Registry setting under Advanced Audit Policy Configuration\System Audit Policies\Object Access.

Volume: Depends on the effective SACL and the level of user activity.

Audit policy change This security setting determines whether the OS audits each instance of attempts to change user rights ... Audit Policy Change: New Policy: Success Failure %3 %4 Logon/Logoff %5 %6 Object Access %7 %8 Privilege Use %13 %14 Account ... Audit privilege use This security setting determines whether to audit each instance of a user exercising a user right. If ... Audit process tracking This security setting determines whether the OS audits process-related events such as process creation, ... Audit registry global object access This policy setting allows you to apply a global object access audit policy to the registry ... Audit Security Object changed: Primary User Name: %1 Primary Domain: %2 Primary Logon ID: %3 Client User Name: %4 Client ... Audit system events This security setting determines whether the OS audits any of the following events: Attempted system ... Audit: Audit the access of global system objects This security setting determines whether to audit the access of global system ... Audit: Audit the use of Backup and Restore privilege This security setting determines whether to audit the use of all user ...