0

Is it possible through Group policy (or other ways?), to force all my Windows Server and Client computers to turn on network connection audit logging, but only for denied network connections, without logging successful connections?

My current Windows Event - Security log is full of permitted network connections which I do not want to log at all

Hrvoje Kusulja
  • 264
  • 1
  • 11

1 Answers1

1
auditpol.exe /set /category:"Policy Change" /subcategory:"MPSSVC rule-level Policy Change" /success:disable /failure:enable

it's possible with advanced auditing settings.

Yan Skursky
  • 336
  • 1
  • 3
  • So, how to do it by using Group policy / ADMX and for Windows10 also - https://technet.microsoft.com/en-us/library/dn319056(v=ws.11).aspx ? – Hrvoje Kusulja Jan 16 '17 at 18:02