Audit Policy: Detailed Tracking: Process CreationID: oval:org.secpod.oval:def:19044 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Detailed Tracking: Process Creation events on failure should be enabled or disabled as appropriate.
Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts). These audit events can help you track user activity and understand how a computer is being used. Information includes the name of the program or the user that created the process.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Detailed Tracking!Audit Policy: Detailed Tracking: Process Creation
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |