Description
This security setting determines whether the OS audits any of the following events:
Attempted system time change
Attempted security system startup or shutdown
Attempt to load extensible authentication components
Loss of audited events due to auditing system failure
Security log size exceeding a configurable warning threshold level.
If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).
If Success auditing is enabled, an audit entry is generated each time the OS performs one of these activities successfully.
If Failure auditing is enabled, an audit entry is generated each time the OS attempts and fails to perform one of these activities.