Audit RPC Events


Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.

RPC is a technology for creating distributed client/server programs. RPC is an interprocess communication technique that enables client and server software to communicate. For more information, see What Is RPC?.

Event volume: High on RPC servers

Default: Not configured

If this policy setting is configured, the following event appears on computers running the supported versions of the Windows operating system as designated in the Applies To list at the beginning of this topic, in addition to Windows Server 2008 and Windows Vista.

Event ID

Event message


A Remote Procedure Call (RPC) was attempted.

Advanced Security Audit Policy Settings