To establish an audit policy


Perform one of these steps:

IfDo this

You want to modify security settings for your local computer

Open Local Security Settings

You are on a workstation or server, which is joined to a domain, and you would like to modify security settings for a Group Policy object

Click Start, point to Run, type mmc and click OK.

In the console, click the File menu and click Add/Remove snap-in.

In Add/Remove Snap-in, click Add. In Add Standalone Snap-in, double-click Group Policy.

In Select Group Policy Object, click Browse, browse to the policy object you would like to modify, and click Finish.

Click Close and then click OK.


In the console tree, click Audit Policy.


Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy


In the details pane, double-click an audit policy for which you would like to change audit settings and select the Define these policy settings check box.


Do one or both of the following:

To audit successful attempts, select the Success check box.

To audit unsuccessful attempts, select the Failure check box.


Repeat the last two steps for any additional audit policies you would like to change.


You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 

To open Local Security Policy, click Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy

Related Topics

For more information, see Audit policy 

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies