SV-226096r569184_rule
V-226096
SRG-OS-000471-GPOS-00215
WN12-AU-000032-DC
CAT II
10
Detailed auditing subcategories are configured in Security Settings -> Advanced Audit Policy Configuration. The summary level settings under Security Settings -> Local Policies -> Audit Policy will not be enforced (see V-14230).
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> DS Access -> "Directory Service Access" with "Failure" selected.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges ("Run as Administrator").
-Enter "AuditPol /get /category:*".
Compare the Auditpol settings with the following. If the system does not audit the following, this is a finding.
DS Access -> Directory Service Access - Failure
V-226096
False
WN12-AU-000032-DC
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges ("Run as Administrator").
-Enter "AuditPol /get /category:*".
Compare the Auditpol settings with the following. If the system does not audit the following, this is a finding.
DS Access -> Directory Service Access - Failure
M
4217