3.1 Set cmdlets 'Turn on Administrator Audit Logging' to 'True'

Information

Administrator audit logging is used to provide a log of the settings that are changed by administrators anywhere in the system. By default this setting is turned on to ensure discovery of configuration related security breaches.

Rationale:

Administrators may be able to reconfigure the system to expose a vulnerability with no record of the changes made.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-AdminAuditLogConfig -AdminAuditLogCmdlets *

See Also

https://workbench.cisecurity.org/files/1512

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12

Plugin: Windows

Control ID: 3d79c954b654fee908e4a1398f9f47a28ac8739c404afed52bb02f2366a5e2b4