Audit: Audit the access of global system objectsID: oval:org.secpod.oval:def:27426 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited.
If the Audit: Audit the access of global system objects setting is enabled, a very large number of security events could quickly fill the Security event log.
This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Audit: Audit the access of global system objects
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!AuditBaseObjects
Platform: |
Microsoft Windows Server 2012 R2 |