Auditing of Audit process tracking events on success should be enabled or disabled as appropriate.
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. By default, this value is set to No auditing in the Default Domain Controller Group Policy object (GPO) and in the local policies of workstat ...
Auditing of Policy Change: Audit Policy Change events on failure should be enabled or disabled as appropriate.
This security setting determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success a ...
Auditing of Policy Change: Authorization Policy Change events on failure should be enabled or disabled as appropriate.
This security policy setting determines whether the operating system generates audit events when the following changes are made to the authorization policy: Assigning or removing user rights (privileges) such as SeCreateTokenPrivilege, except for the system access rights that ...
Auditing of Policy Change: MPSSVC Rule-Level Policy Change events on failure should be enabled or disabled as appropriate.
This security policy setting determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe), which is used by Windows Firewall. The tracked activities include: Active policies when the Win ...
Auditing of Account Logon: Credential Validation events on success should be enabled or disabled as appropriate.
This subcategory reports the results of validation tests on credentials submitted for a user account logon request. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local accounts, the ...
Auditing of Account Logon: Kerberos Service Ticket Operations events on success should be enabled or disabled as appropriate.
This subcategory reports events generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory include: - 4769: A Kerberos service ticket was requested. - 4770: A Kerberos service ticket was renewe ...