Manage auditing and security log
|ID: oval:org.secpod.oval:def:36548||Date: (C)2016-08-05 (M)2018-05-11|
|Class: COMPLIANCE||Family: windows|
This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.
This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured.
You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
Ensure that only the local Administrators group has the Manage auditing and security log user right.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Manage auditing and security log
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSecurityPrivilege' and precedence=1
|Microsoft Windows 10|