18.10.15.5 Ensure 'Enable OneSettings Auditing' is set to 'Enabled'

Information

This policy setting controls whether Windows records attempts to connect with the OneSettings service to the Event Log.

The recommended state for this setting is: Enabled

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Enable OneSettings Auditing

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DataCollection.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).

Impact:

Windows will record attempts to connect with the OneSettings service to the Applications and Services Logs\Microsoft\Windows\Privacy-Auditing\Operational Event Log channel.

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), 800-53|IA-2(2), CSCv7|8.5

Plugin: Windows

Control ID: 6282699ce2ffe3464c8c2eae844988bb4ed253e82d14234ac382ca1efea7baf1