Auditing of Account Management: User Account Management events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed: * A user account is created, changed, deleted, renamed, disabled, enabled, locked out, or unlocked. * A user account password is set or changed. * Security identifier (SID) history is added to a user account. * The Directory Services Restore Mode password is set. * Permissions on accounts that are members of administrators groups are changed. * Credential Manager credentials are backed up or restored. This policy setting is essential for tracking events that involve provisioning and managing user accounts. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO