Skip to main content
Super User

Return to Question

Post Undeleted by anderZubi
Post Deleted by anderZubi
add more information to the question
Source Link
anderZubi
anderZubi
  • 121
  • 7

I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:

auditpol /set /subcategory:"Registry" /success:enable /failure:enable

However, even if I modify the registry, or attempt to modify keys where I don't have modification permission, I am not able to see any logs in the Event Viewer, under Security log.

The user I am setting the policy with, and then editing the registry is a Local Administrator user. The computer is not member of a domain.

What am I missing here?

I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:

auditpol /set /subcategory:"Registry" /success:enable /failure:enable

However, even if I modify the registry, or attempt to modify keys where I don't have modification permission, I am not able to see any logs in the Event Viewer, under Security log.

What am I missing here?

I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:

auditpol /set /subcategory:"Registry" /success:enable /failure:enable

However, even if I modify the registry, or attempt to modify keys where I don't have modification permission, I am not able to see any logs in the Event Viewer, under Security log.

The user I am setting the policy with, and then editing the registry is a Local Administrator user. The computer is not member of a domain.

What am I missing here?

Source Link
anderZubi
anderZubi
  • 121
  • 7

Audit registry access or modification

I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:

auditpol /set /subcategory:"Registry" /success:enable /failure:enable

However, even if I modify the registry, or attempt to modify keys where I don't have modification permission, I am not able to see any logs in the Event Viewer, under Security log.

What am I missing here?