17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success' (Automated)
System_AuditSecurityStateChange
This policy setting allows you to audit events generated by changes in the security state of the computer, such as the following events: startup and shutdown of the computer; change of system time; and recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.
./Device/Vendor/MSFT/Policy/Config/Audit/System_AuditSecurityStateChange
Format: int Value: 1
Audit event on success.
YES
Auditing
Audit Security State Change
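One way to verify the effective setting on a host, as an added example that is not part of the benchmark text: the function below parses the CSV report from `auditpol /r` and treats both 'Success' and 'Success and Failure' as satisfying "include 'Success'". The function name `Test-SecurityStateChangeAudit` and the sample row are constructed for illustration, and an English-locale host is assumed because auditpol localizes subcategory and setting names.

```powershell
# Added example: check the effective audit policy for this recommendation.
# Assumption: English-locale Windows host (auditpol output is localized).
function Test-SecurityStateChangeAudit {
    param(
        # CSV text as produced by:
        #   auditpol /get /subcategory:"Security State Change" /r
        [Parameter(Mandatory)] [string] $AuditpolCsv
    )

    # Drop blank lines, then let ConvertFrom-Csv use the first line as the header.
    $row = $AuditpolCsv -split "`r?`n" |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv |
        Where-Object { $_.Subcategory -eq 'Security State Change' } |
        Select-Object -First 1

    if (-not $row) {
        throw "Subcategory 'Security State Change' not found in auditpol output."
    }

    $setting = $row.'Inclusion Setting'
    [pscustomobject]@{
        Subcategory = $row.Subcategory
        Setting     = $setting
        # The recommendation is "include Success", so Success-only and
        # Success-and-Failure pass; Failure-only and No Auditing do not.
        Compliant   = $setting -in @('Success', 'Success and Failure')
    }
}

# Constructed sample report (HOST01 is a placeholder) with a Failure-only
# setting, so the non-compliant path can be exercised offline.
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030},Failure,
'@
Test-SecurityStateChangeAudit -AuditpolCsv $sample

# On a live host, from an elevated prompt:
# $live = (auditpol /get /subcategory:"Security State Change" /r) -join "`n"
# Test-SecurityStateChangeAudit -AuditpolCsv $live
```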