Audit Process Termination
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting allows you to generate audit events when an attempt is made to end a process.
Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a process ends.
This policy setting may help you understand how the computer is used and to track user activity.
Event volume: Varies, depending on how the computer is used
Default: Not configured
If this policy setting is configured, the following event is generated. The event appears on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
|Event ID||Event message|
A process has exited.