PolAdtEv Parser

This is an online parser for the PolAdtEv registry key, based on Windows Registry PolAdtEv.

Paste the hex pattern of the HKLM\Security\Policy\PolAdtEv key into "Input", then click "parse". The default input corresponds to the Windows 7 default settings.

Input:

Version: 7/2008(x64)

[System]
Security State Change: Success
Security System Extension: No Auditing
System Integrity: Success and Failure
IPsec Driver: No Auditing
Other System Events: Success and Failure

[Logon/Logoff]
Logon: Success
Logoff: Success
Account Lockout: Success
IPsec Main Mode: No Auditing
Special Logon: Success
IPsec Quick Mode: No Auditing
IPsec Extended Mode: No Auditing
Other Logon/Logoff Events: No Auditing
Network Policy Server: Success and Failure

[Object Access]
File System: No Auditing
Registry: No Auditing
Kernel Object: No Auditing
SAM: No Auditing
Other Object Access Events: No Auditing
Certification Services: No Auditing
Application Generated: No Auditing
Handle Manipulation: No Auditing
File Share: No Auditing
Filtering Platform Packet Drop: No Auditing
Filtering Platform Connection: No Auditing
Detailed File Share: No Auditing

[Privilege Use]
Sensitive Privilege Use: No Auditing
Non Sensitive Privilege Use: No Auditing
Other Privilege Use Events: No Auditing

[Detailed Tracking]
Process Creation: No Auditing
Process Termination: No Auditing
DPAPI Activity: No Auditing
RPC Events: No Auditing

[Policy Change]
Audit Policy Change: Success
Authentication Policy Change: Success
Authorization Policy Change: No Auditing
MPSSVC Rule-Level Policy Change: No Auditing
Filtering Platform Policy Change: No Auditing
Other Policy Change Events: No Auditing

[Account Management]
User Account Management: Success
Computer Account Management: No Auditing
Security Group Management: Success
Distribution Group Management: No Auditing
Application Group Management: No Auditing
Other Account Management Events: No Auditing

[DS Access]
Directory Service Access: No Auditing
Directory Service Changes: No Auditing
Directory Service Replication: No Auditing
Detailed Directory Service Replication: No Auditing

[Account Logon]
Credential Validation: No Auditing
Kerberos Service Ticket Operations: No Auditing
Other Account Logon Events: No Auditing
Kerberos Authentication Service: No Auditing

History

2017/01/30

Added support for Windows 10 (1607)/2016

2015/11/25

English version released