policy/PolicyRules.Audit.xml
|
<PolicyRules>
<PolicyRule Id="{77d21842-eba0-44a7-a46a-1c0291b087e0}"> <Name>Audit write+execute on removable storage</Name> <IncludedIdList> <GroupId>{18c18655-7803-4235-a811-3da676a1f197}</GroupId> </IncludedIdList> <ExcludedIdList></ExcludedIdList> <Entry Id="{88274f5f-1e0f-4d1f-b239-b8b4a1b2602e}"> <Type>AuditAllowed</Type> <Options>2</Options> <AccessMask>6</AccessMask> </Entry> </PolicyRule> <PolicyRule Id="{d1a03385-6742-4f39-b05f-7f7f5c5bee1e}"> <Name>Audit write+execute on WPD</Name> <IncludedIdList> <GroupId>{b9854cf9-b7e3-4155-b0ec-5031d44657b3}</GroupId> </IncludedIdList> <ExcludedIdList></ExcludedIdList> <Entry Id="{e392a0e6-269c-4037-b125-68a8fa78ada4}"> <Type>AuditAllowed</Type> <Options>2</Options> <AccessMask>48</AccessMask> </Entry> </PolicyRule> <PolicyRule Id="{f3c3878f-3133-4b5a-83e8-4b4b79c35591}"> <Name>Audit write on optical</Name> <IncludedIdList> <GroupId>{c145b8d2-2799-469b-8014-927e7dd9babf}</GroupId> </IncludedIdList> <ExcludedIdList></ExcludedIdList> <Entry Id="{6996b8cd-5bfc-4143-b67f-133cc784d8c0}"> <Type>AuditAllowed</Type> <Options>2</Options> <AccessMask>2</AccessMask> </Entry> </PolicyRule> </PolicyRules> |