Security Audit Policy Question

Copper Contributor


I am fairly new to the Windows Admin role and I am working on tuning our servers audit policies due to high volume of security event logging. When I look at the audit policy via our GPO, it does not have Removable Storage turned on. When I go to Local Security Policy, it is also not on in there. When I run auditpol it shows it as both success and failure. Also if I update any of the audit policies using auditpol, it gets wiped after a reboot. Can anyone please explain to me how the Removable Storage is persistent across a reboot if it isn't in the GPO? The OS is Windows Server 2016.

0 Replies