You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This policy setting determines what information is logged in security audit events when a new process has been created.
The recommended state for this setting is: 'Disabled'.
Rationale:
When this policy setting is enabled, any user who has read access to the security events can read the command line arguments for any successfully created process. Command-line arguments may contain sensitive or private information such as passwords or user data.
Solution
To establish the recommended configuration via GP, set the following UI path to 'Disabled': Computer Configuration\Policies\Administrative Templates\System\Audit Process Creation\Include command line in process creation events
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template 'AuditSettings.admx/adml' that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
Impact:
None - this is the default behavior.
The text was updated successfully, but these errors were encountered:
18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled'
Info
Solution
The text was updated successfully, but these errors were encountered: