Details
Administrator audit logging is used to provide a log of the settings that are changed by administrators anywhere in the system. By default this setting is turned on to ensure discovery of configuration related security breaches.
Rationale:
Administrators may be able to reconfigure the system to expose a vulnerability with no record of the changes made.
Solution
To implement the recommended state, execute the following PowerShell cmdlet:
Set-AdminAuditLogConfig -AdminAuditLogEnabled $True
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.