Workstations Enhanced Auditing Policy | |
Data collected on: 7/27/2017 8:05:43 AM |
Domain | windomain.local |
Owner | WINDOMAIN\vagrant |
Created | 7/26/2017 8:25:22 PM |
Modified | 7/26/2017 8:25:22 PM |
User Revisions | 1 (AD), 1 (SYSVOL) |
Computer Revisions | 1 (AD), 1 (SYSVOL) |
Unique ID | {B5FC8065-7F49-47F4-BAAA-C524E0AA5D11} |
GPO Status | User settings disabled |
Location | Enforced | Link Status | Path |
---|---|---|---|
Workstations | Yes | Enabled | windomain.local/Workstations |
Name |
---|
NT AUTHORITY\Authenticated Users |
Name | Allowed Permissions | Inherited |
---|---|---|
NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
WINDOMAIN\Domain Admins | Edit settings, delete, modify security | No |
WINDOMAIN\Enterprise Admins | Edit settings, delete, modify security | No |
WINDOMAIN\vagrant | Edit settings, delete, modify security | No |
Policy | Setting |
---|---|
Policy version | 2.22 |
Disable stateful FTP | Not Configured |
Disable stateful PPTP | Not Configured |
IPsec exempt | Not Configured |
IPsec through NAT | Not Configured |
Preshared key encoding | Not Configured |
SA idle time | Not Configured |
Strong CRL check | Not Configured |
Name | Description | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Windows Remote Management (HTTP-In) | Inbound rule for Windows Remote Management via WS-Management. [TCP 5985] | ||||||||||||||||||||||||||||||||||||
|
Policy | Setting |
---|---|
Audit Credential Validation | Success, Failure |
Audit Other Account Logon Events | Success, Failure |
Policy | Setting |
---|---|
Audit Security Group Management | Success, Failure |
Audit User Account Management | Success, Failure |
Policy | Setting |
---|---|
Audit DPAPI Activity | Success, Failure |
Audit PNP Activity | Success, Failure |
Audit Process Creation | Success, Failure |
Audit Process Termination | Success, Failure |
Policy | Setting |
---|---|
Audit Account Lockout | Success, Failure |
Audit User / Device Claims | Success, Failure |
Audit Group Membership | Success, Failure |
Audit Logoff | Success, Failure |
Audit Logon | Success, Failure |
Audit Other Logon/Logoff Events | Success, Failure |
Audit Special Logon | Success, Failure |
Policy | Setting |
---|---|
Audit Detailed File Share | Success, Failure |
Audit File Share | Success, Failure |
Audit File System | Success, Failure |
Audit Filtering Platform Connection | Failure |
Audit Other Object Access Events | Success, Failure |
Audit Registry | Success, Failure |
Audit Removable Storage | Success, Failure |
Policy | Setting |
---|---|
Audit Audit Policy Change | Success, Failure |
Audit Authentication Policy Change | Success, Failure |
Audit MPSSVC Rule-Level Policy Change | Success, Failure |
Audit Other Policy Change Events | Success, Failure |
Policy | Setting |
---|---|
Audit Non Sensitive Privilege Use | Failure |
Audit Sensitive Privilege Use | Success, Failure |
Policy | Setting |
---|---|
Audit Other System Events | Success, Failure |
Audit Security State Change | Success, Failure |
Audit Security System Extension | Success, Failure |
Audit System Integrity | Success, Failure |
Policy | Setting | Comment |
---|---|---|
Include command line in process creation events | Enabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Back up log automatically when full | Disabled | |||
Control Event Log behavior when the log file reaches its maximum size | Disabled | |||
Specify the maximum log file size (KB) | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Back up log automatically when full | Disabled | |||
Control Event Log behavior when the log file reaches its maximum size | Disabled | |||
Specify the maximum log file size (KB) | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Back up log automatically when full | Disabled | |||
Control Event Log behavior when the log file reaches its maximum size | Disabled | |||
Specify the maximum log file size (KB) | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Turn on Script Execution | Enabled | |||
|
Action | Update |
Hive | HKEY_LOCAL_MACHINE |
Key path | SYSTEM\CurrentControlSet\Control\Lsa |
Value name | RestrictRemoteSamEventThrottlingWindow |
Value type | REG_DWORD |
Value data | 0x0 (0) |
Stop processing items on this extension if an error occurs on this item | No |
Remove this item when it is no longer applied | No |
Apply once and do not reapply | No |