audit policy

The <audit policy> inspectors return the policies put in place for recording information about security-related operations on the client computer. For example, you can set a policy to monitor the modification of files. This will trigger an audit entry showing whenever a file is modified, the associated user account, and the date and time of the action. You can audit both successful and failed attempts at actions. Often, the failed attempts are more interesting, as they may indicate attempts to unsuccessfully subvert a policy. For instance, a successful login is not as interesting as a repeated failure might be.

Creation
Properties

Version	Platforms
8.0.584.0	Windows

Creation

audit policy : audit policy

Windows Vista (and later versions of Windows) allows a finer granularity with audit policies by using subcategories. Setting audit policy at the category level overrides the new subcategory feature. A new registry key introduced in Vista is used to manage subcategories without requiring a change to Group Policy. This registry can be set to prevent the application of category-level audit policy from both Group Policy and the Local Security Policy admin tool.

Plural: audit policies

Version	Platforms
8.0.584.0	Windows

permalink source

Properties

account logon category of <audit policy> : audit policy category

Returns an object corresponding to the Account Logon category of the audit policy.

Plural: account logon categories

Version	Platforms
8.0.584.0	Windows

permalink source

account management category of <audit policy> : audit policy category

Returns an object corresponding to the Account Management category of the audit policy.

Plural: account management categories

Version	Platforms
8.0.584.0	Windows

permalink source

category of <audit policy> : audit policy category

Returns the categories of the specified audit policy.

Plural: categories

Version	Platforms
8.0.584.0	Windows

permalink source

detailed tracking category of <audit policy> : audit policy category

Returns an object corresponding to the Detailed Tracking category of the specified audit policy.

Plural: detailed tracking categories

Version	Platforms
8.0.584.0	Windows

permalink source

ds access category of <audit policy> : audit policy category

Returns an object corresponding to the DS Access category of the audit policy.

Plural: ds access categories

Version	Platforms
8.0.584.0	Windows

permalink source

logon logoff category of <audit policy> : audit policy category

Returns an object corresponding to the Logon/Logoff category of the audit policy.

Plural: logon logoff categories

Version	Platforms
8.0.584.0	Windows

permalink source

object access category of <audit policy> : audit policy category

Returns an object corresponding to the Object Access category of the audit policy.

Plural: object access categories

Version	Platforms
8.0.584.0	Windows

permalink source

policy change category of <audit policy> : audit policy category

Returns an object corresponding to the Policy Change category of the audit policy.

Plural: policy change categories

Version	Platforms
8.0.584.0	Windows

permalink source

privilege use category of <audit policy> : audit policy category

Returns an object corresponding to the Privilege Use category of the audit policy.

Plural: privilege use categories

Version	Platforms
8.0.584.0	Windows

permalink source

system category of <audit policy> : audit policy category

Returns an object corresponding to the System category of the audit policy.

Plural: system categories

Version	Platforms
8.0.584.0	Windows

permalink source