PolicyChange_AuditAuthorizationPolicyChange

This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Removal of user rights (privileges), such as SeCreateTokenPrivilege, that aren't audited through the "Authentication Policy Change" subcategory. Changes in the Encrypted File System (EFS) policy. Changes to the Resource attributes of an object. Changes to the Central Access Policy (CAP) applied to an object.

Audit Policy CSP - Windows Client ManagementMicrosoftLearn

PreviousPolicyChange_AuditAuthenticationPolicyChange NextAccountLogon_AuditCredentialValidation

Last updated 2 years ago