Audit Policy: Object Access: Kernel Object (Failure)ID: oval:org.secpod.oval:def:18925 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Object Access: Kernel Object events on failure should be enabled or disabled as appropriate.
Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events. The audits generated are usually useful only to developers. Typically, kernel objects are given SACLs only if the AuditBaseObjects or AuditBaseDirectories auditing options are enabled.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |