Auditpol is a command in Windows Server 2016, 2012 and 2008, and is required for querying or configuring audit policy at the subcategory level.
Auditpol displays information about audit policies and performs functions to manipulate them.
Microsoft Documentation: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol
- How to set the Audit Policies
- Windows Server 2016/2012 virtual machine.
Command | Description |
---|---|
/set | Sets the audit policy. |
/get | Displays the current audit policy. |
/backup | Saves the audit policy to a file. |
/list | Displays selectable policy elements. |
/restore | Restores the audit policy from a file that was previously created by using auditpol /backup. |
/remove | Removes all per-user audit policy settings and disables all system audit policy settings. |
/clear | Clears the audit policy. |
/resourceSACL | Configures global resource system access control lists (SACLs). |
Launch Command Prompt on the Windows Server and, to display the current audit policies, type:
auditpol /get /category:*
To enable the audit policies, type:
auditpol /set /category:"system","account logon" /success:enable /failure:enable
To check whether the audit policies are enabled, type:
auditpol /get /category:*
To clear the audit policies, type:
auditpol /clear /y
To check whether the audit policies were cleared, type:
auditpol /get /category:*
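
The set-and-check steps above can be scripted so the result is verified rather than read by eye. The following PowerShell is an added example, not part of the original lab. It goes slightly beyond the steps shown by saving the policy with /backup first and by reading /get output in CSV form with the /r switch. It assumes an elevated prompt and English category names, and the backup path is a hypothetical choice.

```powershell
# Added example: run from an elevated PowerShell prompt on an English-language system.
# $BackupFile is a hypothetical path chosen for this example.
$BackupFile = Join-Path $env:TEMP ("auditpol-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))
$Categories = 'System', 'Account Logon'

# Save the current policy so the change can be undone with /restore.
auditpol /backup "/file:$BackupFile"
if ($LASTEXITCODE -ne 0) { throw 'auditpol /backup failed (is the prompt elevated?)' }

foreach ($category in $Categories) {
    # One category per call keeps the quoting simple.
    auditpol /set /category:"$category" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed for '$category'" }
}

# /r prints the policy as CSV: one row per subcategory,
# with the effective setting in the 'Inclusion Setting' column.
$notCompliant = foreach ($category in $Categories) {
    auditpol /get /category:"$category" /r |
        Where-Object { $_.Trim() } |          # drop the blank lines around the CSV
        ConvertFrom-Csv |
        Where-Object { $_.'Inclusion Setting' -ne 'Success and Failure' } |
        Select-Object @{ n = 'Category'; e = { $category } },
                      Subcategory, 'Inclusion Setting'
}

if ($notCompliant) {
    $notCompliant | Format-Table -AutoSize
    Write-Warning 'Some subcategories are not auditing both success and failure.'
} else {
    "All subcategories under $($Categories -join ', ') audit success and failure."
}

# To return to the saved policy after the lab:
# auditpol /restore "/file:$BackupFile"
```

Restoring from the backup file returns the machine to its earlier policy, whereas auditpol /clear leaves it with no auditing configured.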