This security policy setting determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs). The following events can generate audit activity:

• Creation, deletion, and initialization of an application client context
• Application operations

Applications designed to use the Windows Auditing APIs can use this subcategory to log auditing events related to their function. The level, volume, relevance, and importance of these audit events depend on the application generating them. The operating system logs the events as they are generated by the application.

Event volume: Depends on the installed application's use of Windows auditing

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

• 4665: An attempt was made to create an application client context.
• 4666: An application attempted an operation:
• 4667: An application client context was deleted.
• 4668: An application was initialized.