Account Management: Audit Security Group Management
|ID: oval:gov.nist.usgcb.windowsseven:def:160||Date: (C)2012-04-13 (M)2017-10-26|
|Class: COMPLIANCE||Family: windows|
This policy setting allows you to audit events generated by changes to security groups such as the following:
Security group is created, changed, or deleted.
Member is added or removed from a security group.
Group type is changed.
If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a security group changes.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Security Group Management
(2) REG: INFO NOT AVAILABLE
|Microsoft Windows 7|