Audit system events This security setting determines whether the OS audits any of the following events: Attempted system ...

Audit system events

This security setting determines whether the OS audits any of the following events: 

• Attempted system time change
• Attempted security system startup or shutdown
• Attempt to load extensible authentication components
• Loss of audited events due to auditing system failure
• Security log size exceeding a configurable warning threshold level.

If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures). 

If Success auditing is enabled, an audit entry is generated each time the OS performs one of these activities successfully. 

If Failure auditing is enabled, an audit entry is generated each time the OS attempts and fails to perform one of these activities.

Default:
Security State Change  Success
Security System Extension  No Auditing
System Integrity  Success, Failure
IPsec Driver  No Auditing
Other System Events  Success, Failure

Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see http://go.microsoft.com/fwlink/?LinkId=140969.

Audit privilege use This security setting determines whether to audit each instance of a user exercising a user right. If ... Audit process tracking This security setting determines whether the OS audits process-related events such as process creation, ... Audit registry global object access This policy setting allows you to apply a global object access audit policy to the registry ... Audit Security Object changed: Primary User Name: %1 Primary Domain: %2 Primary Logon ID: %3 Client User Name: %4 Client ... Audit system events This security setting determines whether the OS audits any of the following events: Attempted system ... Audit: Audit the access of global system objects This security setting determines whether to audit the access of global system ... Audit: Audit the use of Backup and Restore privilege This security setting determines whether to audit the use of all user ... Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. Windows ... Audit: Shut down system immediately if unable to log security audits This security setting determines whether the system ...