Its preferred to set the advanced audit policy through command prompt/powershell other than GUI. It has to be noted that even after you apply the settings through command, in the gui it might not reflect. But that is not an issue. Thats as far as i know.
- Computer configuration-security settings-security options
- Set the policy “Audit:Force audit policy subcategory settings (windows vista or later) to override audit policy category settings” to “Enabled”.
To get full information of advanced audit policy on a server, use the command
- Auditpol.exe /get /category:*
In that you can see categories and sub categories listed with the status success/failure/not configured.
Few examples below :
- Auditpol.exe /set /subcategory:”credential validation” /success:enable /failure:enable
The below command will enable only success
- Auditpol.exe /set /subcategory:”credential validation” /success:enable
The below commmand will set credential validation to “no auditing”
- Auditpol.exe /set /subcategory:”credential validation” /success:disable /failure:disable
You can group all of them and save it as a power shell script or a bat h file and run it on required machines.
Please refer to the microsoft link for detailed info : https://technet.microsoft.com/en-us/library//dd408940(v=ws.10).aspx