Message

Group policy processing for audit settings initiated.

Message

Group policy processing for audit settings could not be started. Error: %1

Fields

Message

List of applicable GPOs:
%1

Fields

Example Event

system:
  provider: Microsoft-Windows-Security-Audit-Configuration-Client
  guid: 08466062-AED4-4834-8B04-CDDB414504E5
  event_source_name: ''
  event_id: 102
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-05T23:49:58.045589+00:00'
  event_record_id: 40
  correlation:
    ActivityID: AA63BEC0-3996-4133-A97D-DB5DB9617FF3
  execution:
    process_id: 8540
    thread_id: 9876
  channel: Microsoft-Windows-Security-Audit-Configuration-Client/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  GPOList: 'Local Group Policy

    '
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Message

Group policy processing for audit settings started.

Message

Failed to create local directory for downloading audit settings. Error: %1

Fields

Message

Processing audit settings from the following GPO.
Display Name: %1
GPO ID: %2
SYSVOL Path: %3

Fields

Message

Successfully downloaded the audit settings file as follows.
Remote File: %1
Local File: %2
GPO Name: %3

Fields

Message

Failed to downloaded the audit settings file as follows.
Remote File: %1
Local File: %2
GPO Name: %3
Error: %4

Fields

Message

Successfully configured the audit settings on the system.

Message

Failed to configure the audit settings on the system.
Error: %1

Fields

Message

Successfully generated RSoP data in WMI.

Message

Failed to generate RSoP data in WMI. Error:%1

Fields

Message

Group policy processing for audit settings finished successfully.

Message

Group policy processing for audit settings finished with error. Error: %1

Fields

Message

Successfully communicated the results of the operation to group policy engine.

Message

Failed to communicate the results of the operation to group policy engine. Error: %1

Fields

Message

Group policy processing for central access policy settings initiated.

Message

Group policy processing for central access policy settings could not be started. Error: %1

Fields

Message

List of applicable GPOs:
%1

Fields

Message

Group policy processing for central access policy settings started.

Message

Failed to create local directory for downloading central access policy settings. Error: %1

Fields

Message

Processing central access policy settings from the following GPO.
Display Name: %1
GPO ID: %2
SYSVOL Path: %3

Fields

Message

Successfully downloaded the central access policy settings file as follows.
Remote File: %1
Local File: %2
GPO Name: %3

Fields

Message

Failed to downloaded the central access policy settings file as follows.
Remote File: %1
Local File: %2
GPO Name: %3
Error: %4

Fields

Message

Successfully configured the central access policy settings on the system.

Message

Failed to configure the central access policy settings on the system.
Error: %1

Fields

Message

Successfully generated RSoP data in WMI.

Message

Failed to generate RSoP data in WMI. Error:%1

Fields

Message

Group policy processing for central access policy settings finished successfully.

Message

Group policy processing for central access policy settings finished with error. Error: %1

Fields

Message

Successfully communicated the results of the operation to group policy engine.

Message

Failed to communicate the results of the operation to group policy engine. Error: %1

Fields