[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98503

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings

ID: oval:gov.nist.usgcb.windowsseven:def:57Date: (C)2012-04-13   (M)2017-10-26
Class: COMPLIANCEFamily: windows




Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category level, and existing group policy may override the subcategory settings of new machines as they are joined to the domain or upgraded to Windows Vista or later versions. To allow audit policy to be managed using subcategories without requiring a change to Group Policy, there is a new registry value in Windows Vista and later versions, SCENoApplyLegacyAuditPolicy, which prevents the application of category-level audit policy from Group Policy and from the Local Security Policy administrative tool. If the category level audit policy set here is not consistent with the events that are currently being generated, the cause might be that this registry key is set. Default: Enabled Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (2) REG: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa!SCENoApplyLegacyAuditPolicy

Platform:
Microsoft Windows 7
Reference:
CCE-9432-6
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9432-6
XCCDF    10
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
...

© 2013 SecPod Technologies