Go Up
You are here: DeploymentConfigure IT InfrastructureWindows ServerConfigure Windows Registry Audit Settings

Configure Windows Registry Audit Settings

Windows Registry audit permissions must be configured on each Windows server you want to audit so that the “Who” and “When” values are reported correctly for each change. For test environment, PoC or evaluation you can use automatic audit configuration. If you want to configure Windows Registry manually or via Group Policy, follow the instructions below.

Manual Configuration

The following audit permissions must be set to "Successful" for the HKEY_LOCAL_MACHINE\SOFTWARE, HKEY_LOCAL_MACHINE\SYSTEM and HKEY_USERS\.DEFAULT keys:

  • Set Value
  • Create Subkey
  • Delete
  • Write DAC
  • Write Owner

Perform one of the following procedures depending on the OS version:

Configuration via Group Policy

Personnel with administrative rights can use Group Policy Objects to apply configuration settings to multiple servers in bulk. Do the following:

  1. Open the Group Policy Management console on the domain controller, browse to Computer ConfigurationPoliciesWindows SettingsSecurity SettingsRegistry
  2. Right-click the Registry node and select Add Key.
  3. Select MACHINESOFTWARE and click OK.

  4. Then take steps 3-8 from the corresponding procedure above.
  5. When finished, run the gpupdate /force command to force group policy update.

Go Up