Verifying Microsoft Advanced Audit Policy Configurations

Starting in Windows 7 and Windows Server 2008 R2, Microsoft introduced sub-category configuration audit policies.  This provides administrators with added granularity when deciding which event logs are necessary to be logged.  More on  Advanced Audit Policies can be found here:
http://technet.microsoft.com/en-us/library/dd772712(WS.10).aspx [more]

 

The following command will pull the configuration for all of the new advanced security audit policies:

audipol /get /category:*

Networking Microsoft Windows 7 Audit Policy Windows 2008 Server