Which Versions of Windows Support Advanced Audit Policy Configuration?
All versions of Windows Server 2008 R2 and Windows 7 that can process Group Policy can be configured to use the new advanced security auditing enhancements. Versions of Windows Server 2008 R2 and Windows 7 that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions of Windows 7.
Are there any special considerations?
In addition, a number of special considerations apply to various tasks associated with auditing enhancements in Windows Server 2008 R2 and Windows 7:
Creating an audit policy. To create an advanced Windows security auditing policy, you must use a computer running Windows Server 2008 R2 or Windows 7. You can use the Group Policy Management Console (GPMC) on a computer running Windows 7 after installing the Remote Server Administration Tools.
Applying audit policy settings. If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running Windows Server 2008 R2 or Windows 7. In addition, only computers running Windows Server 2008 R2 or Windows 7 can provide "reason for access" reporting data.
Developing an audit policy model. To plan advanced security audit settings and global object access settings, you must use the GPMC targeting a domain controller running Windows Server 2008 R2.
Distributing the audit policy. After a Group Policy object (GPO) that includes advanced security auditing settings has been developed, it can be distributed by using domain controllers running any Windows server operating system. However, if you cannot put client computers running Windows 7 in a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced policy settings are applied only to client computers running Windows 7.
Advanced audit policy settings can also be applied to client computers running Windows Vista. However, the audit policies for these client computers must be created and applied separately by using Auditpol.exe logon scripts.
Using both the basic audit policy settings under Local Policies\Audit Policy and the advanced settings under Advanced Audit Policy Configuration can cause unexpected results. Therefore, the two sets of audit policy settings should not be combined. If you use Advanced Audit Policy Configuration settings, you should enable the Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings policy setting under Local Policies\Security Options. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.