Are there auditing policies to monitor the following:
1. Change of privileges
2. The installation/uninstallation of software
3. When and by whom a certain service is stopped/started
4. Modifying the actual auditing settings
If there are, which policy should I set up for each or how do I go about setting these up?
Also is there a way to secure audit policies so that they cannot be altered?