Audit Policy: Detailed Tracking: DPAPI ActivityID: oval:org.secpod.oval:def:19128 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Detailed Tracking: DPAPI Activity events on failure should be enabled or disabled as appropriate.
Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI). DPAPI is used to protect secret information such as stored passwords and key information.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |