Audit: Audit the use of Backup and Restore privilege
ID: oval:gov.nist.usgcb.windowsseven:def:56 | Date: (C)2012-04-13 (M)2017-10-21
Class: COMPLIANCE | Family: windows
This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that is backed up or restored.
If you disable this policy, then use of the Backup or Restore privilege is not audited even when Audit privilege use is enabled.
Note: On Windows versions prior to Windows Vista, changes to this security setting will not take effect until you restart Windows. Enabling this setting can cause a LOT of events, sometimes hundreds per second, during a backup operation.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa!FullPrivilegeAuditing
|Microsoft Windows 7|