CCE-37850-5| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-14 |
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista.
The Audit Policy settings available in Windows Server 2003 Active Directory do not yet contain settings for managing the new auditing subcategories. To properly apply the auditing policies prescribed in this baseline, the Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings setting needs to be configured to Enabled.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
(2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsa!scenoapplylegacyauditpolicy
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.0 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 4.7 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:22852 |
