Audit Policy: Object Access: SAM| ID: oval:org.secpod.oval:def:22878 | Date: (C)2015-01-07 (M)2021-06-02 |
| Class: COMPLIANCE | Family: windows |
This subcategory reports when SAM objects are accessed. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access!The policy setting controls whether to audit users who have accessed the Security Accounts Manager (SAM) object on computers running Windows Vista or later Windows operating systems.
(2) REG: NO REGISTRY INFO
| Platform: |
| Microsoft Windows Server 2012 R2 |
