PolAdtEv Parser
Paste hex pattern of HKLM\Security\Policy\PolAdtEv key into "Input", then click "parse". Default input is for Windows 7 default settings.
Version: 7/2008(x64)
[System]
Security State Change: Success
Security System Extension: No Auditing
System Integrity: Success and Failure
IPsec Driver: No Auditing
Other System Events: Success and Failure
[Logon/Logoff]
Logon: Success
Logoff: Success
Account Lockout: Success
IPsec Main Mode: No Auditing
Special Logon: Success
IPsec Quick Mode: No Auditing
IPsec Extended Mode: No Auditing
Other Logon/Logoff Events: No Auditing
Network Policy Server: Success and Failure
[Object Access]
File System: No Auditing
Registry: No Auditing
Kernel Object: No Auditing
SAM: No Auditing
Other Object Access Events: No Auditing
Certification Services: No Auditing
Application Generated: No Auditing
Handle Manipulation: No Auditing
File Share: No Auditing
Filtering Platform Packet Drop: No Auditing
Filtering Platform Connection: No Auditing
Detailed File Share: No Auditing
[Privilege Use]
Sensitive Privilege Use: No Auditing
Non Sensitive Privilege Use: No Auditing
Other Privilege Use Events: No Auditing
[Detailed Tracking]
Process Creation: No Auditing
Process Termination: No Auditing
DPAPI Activity: No Auditing
RPC Events: No Auditing
[Policy Change]
Audit Policy Change: Success
Authentication Policy Change: Success
Authorization Policy Change: No Auditing
MPSSVC Rule-Level Policy Change: No Auditing
Filtering Platform Policy Change: No Auditing
Other Policy Change Events: No Auditing
[Account Management]
User Account Management: Success
Computer Account Management: No Auditing
Security Group Management: Success
Distribution Group Management: No Auditing
Application Group Management: No Auditing
Other Account Management Events: No Auditing
[DS Access]
Directory Service Access: No Auditing
Directory Service Changes: No Auditing
Directory Service Replication: No Auditing
Detailed Directory Service Replication: No Auditing
[Account Logon]
Credential Validation: No Auditing
Kerberos Service Ticket Operations: No Auditing
Other Account Logon Events: No Auditing
Kerberos Authentication Service: No Auditing