Check or Attack Name: Policy Audit

Policy Change Auditing is not enabled. Policy auditing records when security policy changes are made. Since these events have a significant impact on the host and the network, ISS recommends always auditing these events. These events appear in the Event Viewer Security Log.

Enable Security Policy Changes auditing.

To enable auditing, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the account from the list.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Enable Security Policy Changes auditing on Success and Failure.

Microsoft Knowledge Base Article Q174074, Security Event Descriptions, http://support.microsoft.com/support/kb/articles/q174/0/74.asp