This security setting determines whether the OS audits each instance of attempts to change user rights assignment policy, audit policy, account policy, or trust policy. The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures). If Success auditing is enabled, an audit entry is generated when an attempted change to user rights assignment policy, audit policy, or trust policy is successful. If Failure auditing is enabled, an audit entry is generated when an attempted change to user rights assignment policy, audit policy, or trust policy is attempted by an account that is not authorized to make the requested policy change. Default: Audit Policy Change: Success Authentication Policy Change: Success Authorization Policy Change: No Auditing MPSSVC Rule-Level Policy Change: No Auditing Filtering Platform Policy Change: No Auditing Other Policy Change Events: No Auditing
For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node.
Windows Settings/
Security Settings/
Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
After changing group policy options, you need to update group policy. If you do not update group policy then settings will not effect. To update it just simply type below command and also sample image is shown.
gpupdate /force
In about command we used "/force" option, this will help up to update policy options forcefully.
