# How can I ensure that system-level auditing is enabled.



## vworthy (Oct 16, 2009)

I am responsible for running vunerability scans weekly, after running these scans I have found one entry stating the the system level auditing was not either set correctly or is disabled. I have checked both system and software hives in the registry, showing the following settings: Under the audit tab, there is a entry for auditing the "everyone" group for failures, and the keys that are selected are Set Value, Create Subkey, and Delete. There is a check mark in Allow inheritable auditing entries from Parent to Propogate to this object.

I would appreciate help with this issue.:4-dontkno


----------



## L8ians (Sep 15, 2008)

Configure auditing on the "HKEY_LOCAL_MACHINE\Software" and "HKEY_LOCAL_MACHINE\System" hives to be all Failures for the Everyone group


----------



## vworthy (Oct 16, 2009)

I have configured those hives, I am just unsure whether I have them set correctly. Under Access Control Settings I have Type Fail, Name Everyone, Access Full control, and Apply to This key and subkeys.

I also have all inheritable entries from parent to propagate to this object selected.


----------

