I want to audit registry modifications, or attempts in case of failure. For that purpose, I have set the audit policy as follows:
auditpol /set /subcategory:"Registry" /success:enable /failure:enable
However, even if I modify the registry, or attempt to modify keys where I don't have modification permission, I am not able to see any logs in the Event Viewer, under Security log.
The user I am setting the policy with, and then editing the registry is a Local Administrator user. The computer is not member of a domain.
What am I missing here?