2.2.1.3.1 Inclusion Setting, Exclusion Setting, and SettingValue for System Audit Subcategories
This section defines the syntax for the InclusionSetting, ExclusionSetting, and SettingValue attributes when the PolicyTarget attribute is set to "System".
The syntax for the entries in this category MUST be as follows.
-
InclusionSetting-SA = "Success" / "Failure" / "Success and Failure" / "No Auditing" / "Not Specified" ExclusionSetting-SA = "" SettingValue-SA = 1*DIGIT
Please note that the element names above have a postfix of "-SA" to differentiate them from per-user audit settings which have a postfix of "-UA".
The value of SettingValue MUST be one of the following:
A value of "0": Indicates that this audit subcategory setting is unchanged.
A value of "1": Indicates that this audit subcategory setting is set to Success Audits Only.
A value of "2": Indicates that this audit subcategory setting is set to Failure Audits Only.
A value of "3": Indicates that this audit subcategory setting is set to Success and Failure Audits.
A value of "4": Indicates that this audit subcategory setting is set to None.
Note The value of InclusionSetting is for user readability only and is ignored when the advanced audit policy is applied by the audit configuration client-side plug-in.