Detections
Analytics
Manage auditing and security log
Information
Manage auditing and security logThis security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.
This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be enabled, the Audit object access setting in Security Settings\\Audit Policies must be configured.
You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
Default: Administrators.
Solution
Policy Path: User Rights AssignmentsPolicy Setting Name: Manage auditing and security log
See Also
Item Details
Audit Name: MSCT Windows 11 v23H2 v1.0.0
Category: ACCESS CONTROL
References: 800-53|AC-6(7)(b)
Plugin: Windows
Control ID: 3c713a53f004dc570de7d932a471abd91a72b8fd795aecb78d6a0d36d4812f57