Displays information about and performs functions to manipulate audit policies.

For examples of how this command can be used, see the Examples section in each topic.


Auditpol command [<sub-command><options>]


Sub-command Description
/get Displays the current audit policy.
See Auditpol get for syntax and options.
/set Sets the audit policy.
See Auditpol set for syntax and options.
/list Displays selectable policy elements.
See Auditpol list for syntax and options.
/backup Saves the audit policy to a file.
See Auditpol backup for syntax and options.
/restore Restores the audit policy from a file that was previously created by using auditpol /backup.
See Auditpol restore for syntax and options.
/clear Clears the audit policy.
See Auditpol clear for syntax and options.
/remove Removes all per-user audit policy settings and disables all system audit policy settings.
See Auditpol remove for syntax and options.
/resourceSACL Configures global resource system access control lists (SACLs).
Note: Applies only to Windows 7 and Windows Server 2008 R2.
See Auditpol resourceSACL.
/? Displays help at the command prompt.


The audit policy command-line tool can be used to:

  • Set and query a system audit policy.
  • Set and query a per-user audit policy.
  • Set and query auditing options.
  • Set and query the security descriptor used to delegate access to an audit policy.
  • Report or back up an audit policy to a comma-separated value (CSV) text file.
  • Load an audit policy from a CSV text file.
  • Configure global resource SACLs.

Additional references

Command-Line Syntax Key