Audit Policy: Policy Change: Other Policy Change Events
|ID: oval:org.secpod.oval:def:23010||Date: (C)2015-01-07 (M)2018-03-24|
|Class: COMPLIANCE||Family: windows|
This subcategory reports other types of security policy changes such as configuration of the Trusted Platform Module (TPM) or cryptographic providers. Events for this subcategory include:
? 4909: The local policy settings for the TBS were changed.
? 4910: The group policy settings for the TBS were changed.
? 5063: A cryptographic provider operation was attempted.
? 5064: A cryptographic context operation was attempted.
? 5065: A cryptographic context modification was attempted.
? 5066: A cryptographic function operation was attempted.
? 5067: A cryptographic function modification was attempted.
? 5068: A cryptographic function provider operation was attempted.
? 5069: A cryptographic function property operation was attempted.
? 5070: A cryptographic function property modification was attempted.
? 5447: A Windows Filtering Platform filter has been changed.
? 6144: Security policy in the group policy objects has been applied successfully.
? 6145: One or more errors occurred while processing security policy in the group policy objects.
Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change!The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.
(2) REG: NO REGISTRY INFO
|Microsoft Windows Server 2012 R2|