Windows Group Policies

Group Policy Audit Account Management

Windows Group Policy Name :- Audit account management

Requirements :-

  • Works on any Windows OS

Description :-

This security setting determines whether to audit each event of account management on a computer. Examples of account management events include:

  • A user account or group is created, changed, or deleted.
  • A user account is renamed, disabled, or enabled.
  • A password is set or changed.

If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when any account management event succeeds. Failure audits generate an audit entry when any account management event fails.

To set this value to No auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.

Default values on Client editions:

  • User Account Management: Success
  • Computer Account Management: No Auditing
  • Security Group Management: Success
  • Distribution Group Management: No Auditing
  • Application Group Management: No Auditing
  • Other Account Management Events: No Auditing

Default values on Server editions:

  • User Account Management: Success
  • Computer Account Management: Success
  • Security Group Management: Success
  • Distribution Group Management: No Auditing
  • Application Group Management: No Auditing
  • Other Account Management Events: No Auditing

Note :-

For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node.

Main Directory :-

Sub Directory :-

Policy Path :-

Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy

Note :-

After changing Group Policy options, you need to update Group Policy. If you do not update it, the settings will not take effect. To update it, type the command below.

Command :-

gpupdate /force

In the above command we used the "/force" option, which forces the policy options to be updated.
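
To confirm that the policy took effect after the update, the effective settings can be compared against the values you expect. The following is an added example, not part of the original page: it reads the Account Management subcategories with `auditpol` and flags any that differ. It assumes an elevated PowerShell prompt, an English-language Windows installation (subcategory names are localized), and uses the Server-edition defaults listed in the description as the expected values.

```powershell
# Added example: verify the effective Account Management audit settings.
# Assumption: run from an elevated prompt on an English-language system.

# Expected setting per subcategory. These are the Server-edition defaults
# from the description above; replace them with your own baseline.
$expected = @{
    'User Account Management'         = 'Success'
    'Computer Account Management'     = 'Success'
    'Security Group Management'       = 'Success'
    'Distribution Group Management'   = 'No Auditing'
    'Application Group Management'    = 'No Auditing'
    'Other Account Management Events' = 'No Auditing'
}

# /r prints the report as CSV; drop blank lines before parsing.
$raw = auditpol /get /category:"Account Management" /r
if ($LASTEXITCODE -ne 0) {
    throw "auditpol failed (exit code $LASTEXITCODE). Is the prompt elevated?"
}
$rows = $raw | Where-Object { $_.Trim() } | ConvertFrom-Csv

# Build one result row per expected subcategory.
$report = foreach ($name in ($expected.Keys | Sort-Object)) {
    $row    = $rows | Where-Object { $_.Subcategory -eq $name }
    $actual = if ($row) { $row.'Inclusion Setting' } else { 'MISSING' }
    [pscustomobject]@{
        Subcategory = $name
        Expected    = $expected[$name]
        Actual      = $actual
        Match       = ($actual -eq $expected[$name])
    }
}

$report | Format-Table -AutoSize

# Warn when any subcategory differs from the expected value.
if ($report.Match -contains $false) {
    Write-Warning 'Effective audit policy differs from the expected settings.'
}
```

A mismatch right after `gpupdate /force` usually means another policy with higher precedence is setting the value, so check the resulting policy rather than only the local one.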