What Is Auditpol In Windows 11 10 How To Enable And Use It

What is AuditPol used for?

Auditpol.exe is a command-line utility in Windows OS that can be used to configure and manage audit policy settings from an elevated command prompt. It allows you to manage and audit policy sub-category settings in a more precise way.

How to enable AuditPol in Windows 11/10?

If you wish to enable this AuditPol option:

Open Local Security Policy > Local Policies > Security Options.Now in the right panel, double-click on Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.Select Enabled > Apply/OK.

AuditPol command line switches

AuditPol has several switches that allow you to display, set, clear, backup, and restore settings. Especially, it can be used to:

Set and query a system audit policy.Set and query a per-user audit policy.Set and query auditing options.Set and query the security descriptor used to delegate access to an audit policy.Report or back up an audit policy to a comma-separated value (CSV) text file.Load an audit policy from a CSV text file.Configure global resource SACLs.

If you open a command prompt as an administrator, you can use AuditPol to view the defined auditing settings by running:

A point to be noted is that while viewing audit policy settings with AuditPol and the Local Security Policy viz secpol.msc, the settings may show different results. KB2573113 explains the reason for this: For more details visit AuditPol on TechNet.