This security policy setting determines whether the operating system generates events for security policy changes that are not otherwise audited in the Policy Change category, such as the following:

• Trusted Platform Module (TPM) configuration changes. 
  
• Kernel-mode cryptographic self tests. 
  
• Cryptographic provider operations. 
  
• Cryptographic context operations or modifications. 
  

Event volume: Low
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

• 4670: Permissions on an object were changed.
  
• 4909: The local policy settings for the TBS were changed.
  
• 4910: The group policy settings for the TBS were changed.
  
• 5063: A cryptographic provider operation was attempted.
  
• 5064: A cryptographic context operation was attempted.
  
• 5065: A cryptographic context modification was attempted.
  
• 5066: A cryptographic function operation was attempted.
  
• 5067: A cryptographic function modification was attempted.
  
• 5068: A cryptographic function provider operation was attempted.
  
• 5069: A cryptographic function property operation was attempted.
  
• 5070: A cryptographic function property modification was attempted.
  
• 5447: A Windows Filtering Platform filter has been changed.
  
• 6144: Security policy in the group policy objects has been applied successfully.
  
• 6145: One or more errors occurred while processing security policy in the group policy objects.