WindowsSecurityAuditing 云解决方案提供商WindowsSecurityAuditing CSP

WindowsSecurityAuditing 配置服务提供程序 (CSP) 用于启用安全审核事件的日志记录。The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. 此 CSP 已添加到适用于移动和移动企业版的 Windows 10 版本 1511 中。This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. 请务必查阅配置 服务提供程序参考 ,以查看此 CSP 和其他 CSP 在 Windows 安装上是否受支持。Make sure to consult the Configuration service provider reference to see if this CSP and others are supported on your Windows installation.

下面以树格式显示 WindowsSecurityAuditing 配置服务提供程序。The following shows the WindowsSecurityAuditing configuration service provider in tree format.

./Vendor/MSFT
WindowsSecurityAuditing
----ConfigurationSettings
--------EnableSecurityAuditing

WindowsSecurityAuditingWindowsSecurityAuditing
根节点。Root node.

ConfigurationSettingsConfigurationSettings
用于处理所有审核配置设置的内部节点。Interior node for handling all the audit configuration settings. 请勿在此节点中使用 Get 操作。Do not use the Get operation in this node. 它仅用于分组配置设置。It is only used of grouping configuration settings.

ConfigurationSettings/EnableSecurityAuditingConfigurationSettings/EnableSecurityAuditing
指定是启用还是禁用设备的审核。Specifies whether to enable or disable auditing for the device.

值类型为 boolean。Value type is boolean. 如果为 true,则默认审核事件集将捕获到日志文件上载;如果为 false,则禁用审核,并且不会记录事件。If true, a default set of audit events will be captured to a log file for upload; if false, auditing is disabled and events are not logged. 默认值为 false。Default value is false.

支持的操作包括 Get 和 Replace。Supported operations are Get and Replace.

示例Examples

启用审核事件的日志记录。Enable logging of audit events.

<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Replace>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>
            ./Vendor/MSFT/WindowsSecurityAuditing/ConfigurationSettings/EnableSecurityAuditing
          </LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">bool</Format>
          <Type>text/plain</Type>
        </Meta>
        <Data>true</Data>
      </Item>
    </Replace>
    <Final/> 
  </SyncBody>
</SyncML>

有关 Windows 安全审核详细信息,请参阅安全 审核的新增功能For more information about Windows security auditing, see What's new in security auditing.