Audit: Audit the access of global system objectsID: oval:org.secpod.oval:def:22450 | Date: (C)2015-01-07 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This security setting determines whether to audit the access of global system objects.
If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs are not given to objects without names. If the Audit object access audit policy is also enabled, access to these system objects is audited.
Note: When configuring this security setting, changes will not take effect until you restart Windows.
Default: Disabled.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Audit: Audit the access of global system objects
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!AuditBaseObjects
Platform: |
Microsoft Windows 8.1 |