Link to home
Start Free TrialLog in
Avatar of schurch122297
schurch122297

asked on

registry settings for audit policies

Under the audit policies for the local user manager on each workstation, there are 7 events with success and failure options. I was trying to find the location of each of these events in the registry but was not able to. Do you have any ideas?
Avatar of cbo120897
cbo120897

You can use sysdiff.exe (ressource kit) to checkout, which changes where made in the registry.

1. PC without policie entrys
2. run sysdiff
3. make the policie entries
4. restart PC
5. run sysdiff again to find out the differences

bye

ASKER CERTIFIED SOLUTION
Avatar of dlanssens
dlanssens

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of schurch122297

ASKER

thank you. i shall look into it.