| Events to Audit |
Description |
| Query Value |
Reads a value entry from a Registry key |
| Set Value |
Sets value entries in a Registry key |
| Create Subkey |
Create subkeys on a selected Registry key |
| Enumerate Subkeys |
Audits events that attempt to identify the subkeys of a Registry key such as expanding the tree view |
| Notify |
Notifies events from a ket in the Registry |
| Create link |
Creates a symbolic link in a particular key |
| Delete |
Deletes a Registry object |
| Write DAC |
Changes security permissions on a key |
| Read Control |
Reads the security permissions of a key |
