Audit Policy: Account Management: Security Group Management (Failure)ID: oval:org.secpod.oval:def:18959 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Account Management: Security Group Management events on failure should be enabled or disabled as appropriate.
Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed. Tasks for security group management include: * A security group is created, changed, or deleted. * A member is added to or removed from a security group. * A group's type is changed. Security groups can be used for access control permissions and also as distribution lists.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |