Detailed Security Auditing for Windows Vista, 7 and 2008

Detailed Security Auditing for Windows Vista, 7 and 2008 enables you to run compliance scans to test detailed security auditing settings, per the latest security guidelines from CIS and Microsoft. To perform these security tests, a Manager must accept the Dissolvable Agent (Agent) for the subscription. To accept the Agent, go to Setup > Dissolvable Agent and then click the Accept button.

Please note these security tests will be performed automatically by the service once the Agent is accepted, without changes to your option profile.

The following detailed security auditing tests are supported for Windows Vista, 7 and 2008.

Audit Policies

Account Logon

Audit Credential Validation

Audit Kerberos Authentication Service

Audit Kerberos Service Ticket Operations

Audit Other Account Logon Events

Account Management

Audit Application Group Management

Audit Computer Management

Audit Distribution Group Management

Audit Other Account Management Events

Audit Security Group Management

Audit User Account Management

Detailed Tracking

Audit DPAPI Activity

Audit Process Creation

Audit Process Termination

Audit RPC Events

DS Access

Audit Detailed Directory Service Replication

Audit Directory Service Access

Audit Directory Service Changes

Audit Directory Service Replication

Logon/Logoff

Audit Account Lockout

Audit IPSec Extended Mode

Audit IPSec Main Mode

Audit IPSec Quick Mode

Audit Logoff

Audit Logon

Audit Network Policy Server

Audit Other Logon/Logoff Events

Audit Special Logon

Object Access

Audit Application Generated

Audit Certification Services

Audit Detailed File Share

Audit File Share

Audit File System

Audit Filtering Platform Connection

Audit Filtering Platform Packet Drop

Audit Handle Manipulation

Audit Kernel Object

Audit Other Object Access Events

Audit Registry

Audit SAM

Policy Change

Audit Audit Policy Change

Audit Authentication Policy Change

Audit Authorization Policy Change

Audit Filtering Platform Policy Change

Audit MPSSVC Rule-Level Policy Change

Audit Other Policy Change Events

Privilege Use

Audit Non-Sensitive Privilege Use

Audit Sensitive Privilege Use

Audit Other Privilege Use Events

System

Audit IPsec Driver

Audit Other System Events

Audit Security State Change

Audit Security System Extension

Audit System Integrity