How To Get Windows Audit Policy Using Command Line

Hi All

A quick tip for windows cmd lovers

fetching audit policy is always a pain, many of us are not aware of the small utility by windows called as command auditpol.


Auditpol is the simple command line utility which  give us the audit policy in windows 



Auditpol give us complete detailed view of audit policy it follows the below syntax 

Auditpol command (get/set/list/backup/restore/clear/remove) Optional(user/domain)category, subcategory   

As the first time user we are not aware of category so first task is to find category 

auditpol /list /category  : This will give us the category present in server 
Account Logon
Account Management
Detailed Tracking
DS Access
Object Access
Policy Change
Privilege Use

Same way we can list the subcategory 

auditpol /list /subcategory:"Account Logon"

Now we will see how it will fetch the values of policy using auditpol 

Auditpol /get /category:"Account Logon","Logon /Logoff" 

Note :- You can list one or more categories using comma separated values 

Happy Auditing.. :)


  1. Your new valuable key points imply much a person like me and extremely more to my office workers. With thanks; from every one of us.offshore company formation

  2. The great service in this blog and the nice technology is visible in this blog. I am really very happy for the nice approach is visible in this blog and thank you very much for using the nice technology in this blogiec india

  3. This is a valuable tip for Windows cmd fans! Finding the Windows audit policy using the command line can be tricky, but the "auditpol" utility simplifies the process. Mastering such command-line utilities can improve efficiency and productivity for those aiming for custom case study writing. Understanding Windows audit policies and utilizing command-line tools can be crucial for IT professionals and researchers tackling in-depth case study projects. Thanks for sharing this helpful knowledge!


Post a Comment