Audit: Audit the accesss of global system objects

This security setting determines whether to audit the access of global system objects.

If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs are not given to objects without names. If the Audit object access audit policy is also enabled, access to these system objects is audited.

Note: When configuring this security setting, changes will not take effect until you restart Windows.

Policy path: 

Computer Configuration\Windows Settings\Local Policies\Security Options

Default: 

Disabled

Supported on: 

At least Windows XP SP2, Windows Server 2003

Registry settings: 

MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects

Reboot required: 

Yes