AUDITPOL.exe

Account Logon

– Audit Kerberos Service Ticket Operations

auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable

Audit Kerberos Authentication Service

auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable

Account Management

Audit Computer Account Management

auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable

Audit other Account Management Events

auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable

Audit Security Group Management

auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable

Audit User Account Management

auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

Detailled Tracking

Audit DPAPI activity

auditpol /set /subcategory:"DPAPI Activity" /success:enable /failure:enable

Audit PNP Activity

auditpol /set /subcategory:"Plug and Play Events" /success:enable /failure:enable

Audit Process Creation

auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable

DS Access

Audit Directory Service Access

auditpol /set /subcategory:"Directory Service Access" /failure:enable

Audit Directory Service Changes

auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable

Logon / logoff

Audit Account Lockout

auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable

Audit Special Logon

auditpol /set /subcategory:"Special Logon" /success:enable

Audit Logoff

auditpol /set /subcategory:"logoff" /success:enable /failure:enable

Audit Logon

auditpol /set /subcategory:"logon" /success:enable /failure:enable

Object Access

Audit Removable Storage

auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable

Policy Change

Audit Policy Change

auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable

Audit Authentication Policy Change

auditpol /set /subcategory:"Authentication Policy Change" /success:enable

Privilege use

Audit Sensitive Privilege Use

auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable

System

Audit IPsec Driver

auditpol /set /subcategory:"IPsec Driver" /success:enable /failure:enable

Audit Other System Events

auditpol /set /subcategory:"Other System Events" /success:enable /failure:enable

Audit Security State Change

auditpol /set /subcategory:"Security State Change" /success:enable

Audit Security System Extension

auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable

Audit System Integrity

auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable