You can choose whether to configure legacy policies as described below or to configure advanced policies. See Configure Advanced Audit Policies for more information.
- On the audited server, open the Local Security Policy snap-in: navigate to Start → Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) → Local Security Policy.
Navigate to Security Settings → Local Policies → Audit Policy.
Policy Name Audit Events
Audit object access
"Success" and "Failure"
Audit policy change "Success" Audit logon events "Success" Audit system events "Success"