Audit Policy Change
 |
Windows 10
To access, do the following
-
Expand Local Policies
 |
-
Expand Audit Policy
 |
-
Double-click Audit account logon events
 |
Audit policy change
This security setting determines whether the OS audits each instance of attempts to change user rights assignment policy, audit policy, account policy, or trust policy.
The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).
If Success auditing is enabled, an audit entry is generated when an attempted change to user rights assignment policy, audit policy, or trust policy is successful.
If Failure auditing is enabled, an audit entry is generated when an attempted change to user rights assignment policy, audit policy, or trust policy is attempted by an account that is not authorized to make the requested policy change.
Default:
Audit Policy Change: Success
Authentication Policy Change: Success
Authorization Policy Change: No Auditing
MPSSVC Rule-Level Policy Change: No Auditing
Filtering Platform Policy Change: No Auditing
Other Policy Change Events: No Auditing
Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see https://go.microsoft.com/fwlink/?LinkId=140969.