18.10.15.5 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled'

Information

This policy setting controls whether Windows records attempts to connect with the OneSettings service to the Event Log.

The recommended state for this setting is: Enabled

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Enable OneSettings Auditing

Note: This Group Policy path is provided by the Group Policy template DataCollection.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).

Impact:

Windows will record attempts to connect with the OneSettings service to the Applications and Services Logs\Microsoft\Windows\Privacy-Auditing\Operational Event Log channel.

See Also

https://workbench.cisecurity.org/benchmarks/17603