This security policy setting determines whether the operating system generates audit events when application group management tasks are performed, such as:

• An application group is created, changed, or deleted.
• A member is added to or removed from an application group.

Event volume: Low

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

• 4783: A basic application group was created.
• 4784: A basic application group was changed.
• 4785: A member was added to a basic application group.
• 4786: A member was removed from a basic application group.
• 4787: A non-member was added to a basic application group.
• 4788: A non-member was removed from a basic application group.
• 4789: A basic application group was deleted.
• 4790: An LDAP query group was created.