Detailed Security Auditing for Windows Vista, 7 and 2008

You can run compliance scans to test detailed security auditing settings for Windows Vista, 7 and 2008. These tests are performed during compliance scans when the Dissolvable Agent is enabled for the scan.

Get Started

Step 1: Accept the Dissolvable Agent

The Dissolvable Agent must be accepted for your subscription. Go to Scans > Setup > Dissolvable Agent and check to be sure the Agent is accepted. If not, a Manager must go there and accept the Agent.

Step 2: Enable the Agent in your scan settings

Go to PA > Scans > Option Profiles. Select "Enable the Dissolvable Agent".

Step 3: Launch a compliance scan

Go to PA > Scans and select New > Scan (or Schedule Scan). Enter your scan settings and click Launch. Be sure to select the option profile you just configured.

What are the security audit tests?

Account Logon

  • Audit Credential Validation
  • Audit Kerberos Authentication Service
  • Audit Kerberos Service Ticket Operations
  • Audit Other Account Logon Events

Account Management

  • Audit Application Group Management
  • Audit Computer Management
  • Audit Distribution Group Management
  • Audit Other Account Management Events
  • Audit Security Group Management
  • Audit User Account Management

Detailed Tracking

  • Audit DPAPI Activity
  • Audit Process Creation
  • Audit Process Termination
  • Audit RPC Events

DS Access

  • Audit Detailed Directory Service Replication
  • Audit Directory Service Access
  • Audit Directory Service Changes
  • Audit Directory Service Replication

Logon/Logoff

  • Audit Account Lockout
  • Audit IPsec Extended Mode
  • Audit IPsec Main Mode
  • Audit IPsec Quick Mode
  • Audit Logoff
  • Audit Logon
  • Audit Network Policy Server
  • Audit Other Logon/Logoff Events
  • Audit Special Logon

Object Access

  • Audit Application Generated
  • Audit Certification Services
  • Audit Detailed File Share
  • Audit File Share
  • Audit File System
  • Audit Filtering Platform Connection
  • Audit Filtering Platform Packet Drop
  • Audit Handle Manipulation
  • Audit Kernel Object
  • Audit Other Object Access Events
  • Audit Registry
  • Audit SAM

Policy Change

  • Audit Audit Policy Change
  • Audit Authentication Policy Change
  • Audit Authorization Policy Change
  • Audit Filtering Platform Policy Change
  • Audit MPSSVC Rule-Level Policy Change
  • Audit Other Policy Change Events

Privilege Use

  • Audit Non-Sensitive Privilege Use
  • Audit Sensitive Privilege Use
  • Audit Other Privilege Use Events

System

  • Audit IPsec Driver
  • Audit Other System Events
  • Audit Security State Change
  • Audit Security System Extension
  • Audit System Integrity