<xsd:element name="auditeventpolicy_item" substitutionGroup="system_characteristics:item">
<xsd:annotation>
<xsd:documentation>The auditeventpolicy item enumerates the different types of events the system should audit. The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation.</xsd:documentation>
<xsd:appinfo>
<item_name>Audit Event Policy Item</item_name>
<extends>itemType</extends>
<valid_sections>message, data</valid_sections>
<example>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="system_characteristics:itemType">
<xsd:sequence>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="system_characteristics:dataType">
<xsd:sequence>
<xsd:element name="account_logon" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_management" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detailed_tracking" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_access" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logon" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="object_access" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="policy_change" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="privilege_use" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="system" type="windows:dataAuditType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
<xsd:appinfo>
<parent_item>auditeventpolicy_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
|
XSD Schema Diagram:
