audit policy

The <audit policy> inspectors return the policies put in place for recording information about security-related operations on the client computer. For example, you can set a policy to monitor the modification of files. This will trigger an audit entry showing whenever a file is modified, the associated user account, and the date and time of the action. You can audit both successful and failed attempts at actions. Often, the failed attempts are more interesting, as they may indicate attempts to unsuccessfully subvert a policy. For instance, a successful login is not as interesting as a repeated failure might be.

Version Platforms
8.0.584.0 Windows

Creation

audit policy : audit policy

Properties

account logon category of <audit policy> : audit policy category
account management category of <audit policy> : audit policy category
detailed tracking category of <audit policy> : audit policy category
ds access category of <audit policy> : audit policy category
logon logoff category of <audit policy> : audit policy category
object access category of <audit policy> : audit policy category
policy change category of <audit policy> : audit policy category
privilege use category of <audit policy> : audit policy category
system category of <audit policy> : audit policy category