Auditing of Object Access: Application Generated events on success should be enabled or disabled as appropriate. This subcategory reports when applications attempt to generate audit events by using the Windows auditing application programming interfaces (APIs). Events for this subcategory include: - 4665: An attempt was made to create an application client context. - 4666: An application attempted an operation: - 4667: An application client context was deleted. - 4668: An application was initialized. Refer to the Microsoft Knowledgebase article Description of security events in Windows Vista and in Windows Server 2008 for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226. Fix: (1) GPO: Commandline: auditpol.exe (2) REG: NO INFO