Audit Policy: Logon-Logoff: Group MembershipID: oval:org.secpod.oval:def:89591 | Date: (C)2023-05-03 (M)2023-12-12 |
Class: COMPLIANCE | Family: windows |
This policy allows you to audit the group membership information in the user logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
The recommended state for this setting is to include: Success .
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Group Membership
(2) REG: NO REGISTRY INFO
Platform: |
Microsoft Windows Server 2019 |