Audit: Audit the access of global system objectsID: oval:org.secpod.oval:def:8736 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Audit: Audit the access of global system objects setting should be configured correctly.
This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited. If the Audit: Audit the access of global system objects setting is enabled, a very large number of security events could quickly fill the Security event log.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects
(2) KEY: HKLM\System\Currentcontrolset\Control\Lsa\AuditBaseObjects
Platform: |
Microsoft Windows Server 2008 R2 |