Skip to main content

Audit and Event Logging

Win - OIB - SC - Device Security - D - Audit and Event Logging - v3.7

CMMC Control Mapping Matrix

NameValue
Basics
NameWin - OIB - SC - Device Security - D - Audit and Event Logging - v3.7
Description
Profile typeSettings catalog
Platform supportedWindows 10 and later
Created11 April 2024 19:37:59
Last modified01 October 2025 11:31:43
Scope tagsDefault
Table 35. Basics - Win - OIB - SC - Device Security - D - Audit and Event Logging - v3.7
NameValue
Administrative Templates
Audit Process Creation
Include command line in process creation eventsEnabled
Application
Control Event Log behavior when the log file reaches its maximum sizeDisabled
Specify the maximum log file size (KB)Enabled
Maximum Log Size (KB)32768
Security
Control Event Log behavior when the log file reaches its maximum sizeDisabled
Specify the maximum log file size (KB)Enabled
Maximum Log Size (KB)196608
Setup
Control Event Log behavior when the log file reaches its maximum sizeDisabled
Specify the maximum log file size (KB)Enabled
Maximum Log Size (KB) (Device)32768
System
Control Event Log behavior when the log file reaches its maximum sizeDisabled
Specify the maximum log file size (KB)Enabled
Maximum Log Size (KB)32768
Auditing
Account Logon Audit Credential ValidationSuccess+ Failure
Account Logon Logoff Audit Account LockoutFailure
Account Logon Logoff Audit Group MembershipSuccess
Account Logon Logoff Audit LogoffSuccess
Account Logon Logoff Audit LogonSuccess+ Failure
Account Management Audit Application Group ManagementSuccess+ Failure
Audit Authentication Policy ChangeSuccess
Audit Authorization Policy ChangeSuccess
Audit Changes to Audit PolicySuccess
Audit File Share AccessSuccess+Failure
Audit Other Logon Logoff EventsSuccess+Failure
Audit Security Group ManagementSuccess
Audit Security System ExtensionSuccess
Audit Special LogonSuccess
Audit User Account ManagementSuccess+Failure
Detailed Tracking Audit PNP ActivitySuccess
Detailed Tracking Audit Process CreationSuccess
Object Access Audit Detailed File ShareFailure
Object Access Audit Other Object Access EventsSuccess+ Failure
Object Access Audit Removable StorageSuccess+ Failure
Policy Change Audit MPSSVC Rule Level Policy ChangeSuccess+ Failure
Policy Change Audit Other Policy Change EventsFailure
Privilege Use Audit Sensitive Privilege UseSuccess+ Failure
System Audit I Psec DriverSuccess+ Failure
System Audit Other System EventsSuccess+ Failure
System Audit Security State ChangeSuccess
System Audit System IntegritySuccess+ Failure
Table 36. Settings - Win - OIB - SC - Device Security - D - Audit and Event Logging - v3.7

📩 Don't Miss the Next Solution

Join the list to see the real-time solutions I'm delivering to my GCC High clients.