AuditPol Topics | Next
AuditPol Syntax
auditpol [\\computer] [/enable | /disable] [/help | /?] [/category:type] [/category:type] ...
Where:
- \\computer
is the name of a remote computer. If no computer name is specified, the operation takes place on the local computer.
- /enable
enables audit (default).
- /disable
disables audit.
- /category:type
- specifies what kind of events to audit
category can be:
- system: system events
- logon: logon/logoff events
- object: object access
- privilege: use of privileges
- policy: security policy changes
- sam: Security Accounts Manager (SAM) changes
type can be:
- success: audit success events.
- failure: audit failure events.
- all: audit success and failure events.
- none: do not audit these events.