Windows 10 Security baseline - Audit settings on local machine

%3CLINGO-SUB%20id%3D%22lingo-sub-2019759%22%20slang%3D%22en-US%22%3EWindows%2010%20Security%20baseline%20-%20Audit%20settings%20on%20local%20machine%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2019759%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20applied%20in%20the%20Windows%2010%20Baseline%20security%20policy%20via%20Endpoint%20Manager%20in%20the%20cloud.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20policy%20has%20successfully%20applied%20to%20the%20local%20Windows%2010%20Pro%20machine.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20is%20my%20understanding%20that%20the%20setting%20under%20the%20baseline%20Audit%20section%20i.e.%20%22%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EAccount%20Logon%20Audit%20Credential%20Validation%20(Device)%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E%26nbsp%3B%22%20for%20example%20map%20to%20the%20following%20registry%20key%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20data-bind%3D%22htmlTemplate%3A%20%24data%22%3E%0A%3CDIV%20data-bind%3D%22visible%3A%20visible%22%3E%0A%3CDIV%20class%3D%22fxc-base%20fxc-section%20msportalfx-form%20fxc-smart-labels%20fxs-vivaresize%20fxc-section-wrapper%20msportalfx-form-regular%20fxc-left-label-fixed%22%20data-bind%3D%22pcControl%3A%20wrappedControl%22%20data-formelement%3D%22pcControl%3A%20wrappedControl%22%3E%0A%3CDIV%20class%3D%22fxc-section-control%20fxc-base%20msportalfx-customHtml%20msportalfx-form-formelement%20fxc-has-label%22%20data-bind%3D%22%26quot%3BpcControl%26quot%3B%3A%24data%22%20data-formelement%3D%22%26quot%3BpcControl%26quot%3B%3A%24data%22%3E%0A%3CDIV%20class%3D%22azc-formElementSubLabelContainer%22%3E%0A%3CDIV%20class%3D%22azc-formElementContainer%22%20data-bind%3D%22untrustedHtml%3A%20%7B%20html%3A%20htmlTemplate%2C%20data%3A%20innerViewModel%2C%20isolated%3A%20isolated%20%7D%22%3E%0A%3CDIV%20class%3D%22fxc-group-dropdown%20msportalfx-form-formelement%20azc-fabric%20azc-validationBelowCtrl%20fxs-vivaresize%20msportalfx-form-formelement-disabled%22%20data-bind%3D%22pcControl%3A%20model%22%20data-formelement%3D%22pcControl%3A%20model%22%20data-validatable%3D%22true%22%3E%0A%3CDIV%20class%3D%22azc-formElementSubLabelContainer%22%3E%0A%3CDIV%20class%3D%22azc-formElementContainer%22%3E%0A%3CDIV%20id%3D%22azc-form-guid-e533ea68-c0e6-4fc6-8ea8-de903581d114aria%22%20class%3D%22fxc-dropdown-hidden%20fxc-dropdown-popup%20fxc-control-border%20azc-bg-default%20msportalfx-shadow-level2%22%20tabindex%3D%22-1%22%20role%3D%22tree%22%20aria-hidden%3D%22true%22%20aria-label%3D%22List%20of%20options%22%20data-canfocus%3D%22true%22%20data-bind%3D%22%26quot%3Battr%26quot%3B%3A%7B%26quot%3Bid%26quot%3B%3A%24ctl._optionContainerId%2C%26quot%3Baria-multiselectable%26quot%3B%3A%24ctl._multiselectActivated()%7D%22%3E%0A%3CDIV%20class%3D%22fxc-dropdown-popup-dock%20fxs-portal-bg-txt-br%22%3E%0A%3CDIV%3E%3CSPAN%3EHKLM%3A%5CSOFTWARE%5CMicrosoft%5CPolicyManager%5Ccurrent%5Cdevice%5CAudit%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%3CSPAN%3Efor%20example%2C%20key%20%3D%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3EAccountLogon_AuditCredentialValidation%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3Eper%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-audit%23audit-accountlogon-auditcredentialvalidation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-audit%23audit-accountlogon-auditcredentialvalidation%3C%2FA%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EHowever%2C%20I%20can't%20find%20these%20settings%20in%20the%20registry%20at%20all.%20What%20am%20I%20missing%3F%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EBasically%2C%20what%20I'm%20trying%20to%20achieve%20is%20to%20verify%20on%20the%20local%20Win%2010%20Pro%20machine%20that%20the%20Windows%2010%20Baseline%20policy%20has%20indeed%20set%20all%20the%20values%20from%20the%20policy%20in%20the%20local%20machine.%20I'm%20current%20stuck%20on%20verifying%20that%20the%20baseline%20policies%20in%20the%20Audit%20sections%20are%20being%20applied%20successfully%20to%20the%20local%20workstation.%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EAny%20assistance%20appreciated.%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EThanks%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2019759%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
MVP

I have applied in the Windows 10 Baseline security policy via Endpoint Manager in the cloud.

 

The policy has successfully applied to the local Windows 10 Pro machine.

 

It is my understanding that the setting under the baseline Audit section i.e. "Account Logon Audit Credential Validation (Device) " for example map to the following registry key:

 

0 Replies