About Me

My photo
I am an MCSE in Data Management and Analytics, specializing in MS SQL Server, and an MCP in Azure. With over 19+ years of experience in the IT industry, I bring expertise in data management, Azure Cloud, Data Center Migration, Infrastructure Architecture planning, as well as Virtualization and automation. I have a deep passion for driving innovation through infrastructure automation, particularly using Terraform for efficient provisioning. If you're looking for guidance on automating your infrastructure or have questions about Azure, SQL Server, or cloud migration, feel free to reach out. I often write to capture my own experiences and insights for future reference, but I hope that sharing these experiences through my blog will help others on their journey as well. Thank you for reading!

How to write SQL Server Audit Events to the Security Log

How to write  SQL Server Audit Events to the Security Log


This topic describes how to write a SQL Server audit log in windows Security Log

To configure the audit object access setting in Windows using auditpol

1.Open a command prompt with administrative permissions.

  A.On the Start menu, point to All Programs, point to Accessories, right-click Command Prompt, and then click Run as administrator.

  B.If the User Account Control dialog box opens, click Continue.

Execute the following statement to enable auditing from SQL Server.


auditpol /set /subcategory:"application generated" /success:enable /failure:enable

Close the command prompt window.

To grant the generate security audits permission to an account using secpol
1.For any Windows operating system, on the Start menu, click Run.

2.Type secpol.msc and then click OK. If the User Access Control dialog box appears, click   Continue.

3.In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click User Rights Assignment.

4.In the results pane, double-click Generate security audits.

5.On the Local Security Setting tab, click Add User or Group.

6.In the Select Users, Computers, or Groups dialog box, either type the name of the user account, such as domain1\user1 and then click OK, or click Advanced and search for the account.

7.Click OK.

8.Close the Security Policy tool.

9.Restart SQL Server to enable this setting.

To configure the audit object access setting in Windows using secpol

If the operating system is earlier than Windows Vista or Windows Server 2008, on the Start menu, click Run.

1.Type secpol.msc and then click OK. If the User Access Control dialog box appears, click Continue.

2.In the Local Security Policy tool, expand Security Settings, expand Local Policies, and then click Audit Policy.

3.In the results pane, double-click Audit object access.

4.On the Local Security Setting tab, in the Audit these attempts area, select both Success and Failure.

5.Click OK.

6.Close the Security Policy tool.

Question :-

Ans :