Event ID: 4912
Per User Audit Policy was changedPer User Audit Policy was changed. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Policy For Account: Security ID: %5 Policy Change Details: Category: %6 Subcategory: %7 Subcategory GUID: %8 Changes: %9
Auditing:
Always
This event is always logged regardless of the "Audit Policy Change" sub-category setting.
Volume:
Low
Microsoft Documentation
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Audit Policy Change"
Operating Systems:
Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019Tags:
Audit SuccessLEFT/RIGHT arrow keys for navigation
Back to List