How To Get Windows Audit Policy Using Command Line

Posted On // Leave a Comment
Hi All

A quick tip for windows cmd lovers

fetching audit policy is always a pain, many of us are not aware of the small utility by windows called as command auditpol.

Auditpol 

Auditpol is the simple command line utility which  give us the audit policy in windows 

Usage

auditpol


Auditpol give us complete detailed view of audit policy it follows the below syntax 

Auditpol command (get/set/list/backup/restore/clear/remove) Optional(user/domain)category, subcategory   

As the first time user we are not aware of category so first task is to find category 

auditpol /list /category  : This will give us the category present in server 
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System

Same way we can list the subcategory 

auditpol /list /subcategory:"Account Logon"

Now we will see how it will fetch the values of policy using auditpol 

Auditpol /get /category:"Account Logon","Logon /Logoff" 


Note :- You can list one or more categories using comma separated values 

Happy Auditing.. :)