{"id":363,"date":"2014-03-26T07:40:27","date_gmt":"2014-03-25T21:40:27","guid":{"rendered":"https:\/\/girl-germs.com\/?p=363"},"modified":"2015-09-27T15:09:53","modified_gmt":"2015-09-27T05:09:53","slug":"advanced-audit-policy-which-gpo-corresponds-with-which-event-id","status":"publish","type":"post","link":"https:\/\/girl-germs.com\/?p=363","title":{"rendered":"Advanced Audit Policy – which GPO corresponds with which Event ID"},"content":{"rendered":"

I spent a good part of a day a few weeks ago searching around looking for a simple spreadsheet or table that lists the Advanced Audit GPO’s and what Event ID’s they correspond to. I couldn’t find one. Went through 4 pages of Google results, went through multiple TechNet articles. Could not find something that simply stated “These event ID’s are covered by this GPO”. The closest I could find was this link – Event IDs for Windows Server 2008 and Vista Revealed!<\/a> – but it didn’t list them in the way I wanted, nor did it include everything that I could see listed in my GPO’s.<\/p>\n

This is important information to me – I’m currently trying to tweak our security settings so that what we’re logging is *actually* useful rather than thousands upon thousands of lines with logons and logoffs. A list like this would allow me to filter our event logs, to then be able to see which GPO’s I could easily turn on or off in order to get the filtered results I’m looking for – and prevent my event logs from filling up with useless crap!<\/p>\n

So, because I couldn’t find it, I decided to make it myself…and because I figured I wouldn’t be the only one looking for it, I thought I might share it with the world!<\/p>\n