How To Enable The Audit For The Windows Registry Value Change?

system · August 8, 2023, 8:18am

How to enable the audit for the Windows registry value change?

Set the Security log size to a big size on issue machine, such as 81920:

Edit local Policy, scroll down to Computer Configuration > Policies > Windows Settings > Security Settings > Local policies > Audit Policies > Audit Object Access and process tracking, set the following policies to Success and Failure

Run gpupdate /force on issue machine to update policy. Then run command auditpol /get /category:* to check whether the audit policy applied.

Right click on the registry (which have value change issue) and choose Properties.

Choose Select a principal and type everyone, choose Check and choose OK

Choose Type: All and choose value change related option as below, then click OK

If something is changed in the audit registry, it will get registry-related logs in the security logs as below:

Topic		Replies	Views
Set Custom Scaling for RDP Session Knowledge Base robot	0	2972	April 15, 2021
800703fa Illegal Operation Attempted On A Registry Key That Has Been Marked For Deletion Knowledge Base orchestrator	0	687	December 29, 2022
Automatic setup of virtual machines IT Automation	1	869	November 16, 2020
Kerberos Authentication Knowledge Base orchestrator	0	864	December 29, 2022
HTTP Error 400 The Size Of The Request Headers Is Too Long For Windows Authentication Knowledge Base 2020_4_1 , 2020_4_3 , 2020_4_2 , 2020_4_4 , 2020_10_2 , 2020_10_1 , 2020_10_5 , 2020_10_8 , 2020_10_7 , 2020_10_6 , 2020_10_0 , 2020_10_4 , 2020_10_9 , 2020_10_10 , 2020_10_12	0	2743	September 14, 2021