CCE-37435-5Platform: win2012r2 | Date: (C)2015-10-08 (M)2022-10-10 |
Audit policy change
This policy setting determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself. The recommended settings would let you see any account privileges that an attacker attempts to elevate?for example, by adding the Debug programs privilege or the Back up files and directories privilege.
Parameter:
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy!Audit policy change
(2) WMI: root\rsop\computer#RSOP_AuditPolicy#Success, Failure#Category='AuditPolicyChange' and precedence=1
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: