Account Management: Audit Security Group ManagementID: oval:gov.nist.usgcb.windowsseven:def:160 | Date: (C)2012-04-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated by changes to security groups such as the following:
Security group is created, changed, or deleted.
Member is added or removed from a security group.
Group type is changed.
If you configure this policy setting, an audit event is generated when an attempt to change a security group is made. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a security group changes.
Volume: Low.
Default: Success.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Security Group Management
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |