Windows Server Advanced Security Auditing: Tracking Policy Change
Вставка
- Опубліковано 29 вер 2024
- In this video you'll learn about the Policy Change category of the advanced security auditing policies. Policy Change audit events allow you to track changes to important security policies on a local system or network. This information is part of our series on advanced audit policies and is based on the advice at: learn.microsof... #windowsserver
Blog post discussing Advanced Audit Policies: techcommunity....
Other videos in this series are in this playlist: • Windows Server Advance...
7:12 Are you sure there's a file in the Windows operating system whose image file is mpssvc.exe? I think that 'mpssvc' is actually the Name of the service with DisplayName 'Windows Defender Firewall'
Advice drawn from the following: learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change
(I think the broader answer is that it shows up in some reporting tools and process as mpssvc.exe even though it's a DLL in windows\system32 folder - and the advice here is based on the documentation)