5.1 Security Considerations for Implementers

Setting both the advanced audit policies (as described in this document) and the event audit policies (as described in [MS-GPSB] section 2.2.4) on the same client can lead to inconsistent behavior. Therefore, if the advanced audit policies are used on a client, it is recommended that the registry value MACHINE\System\CurrentControlSet\Control\LSA\SCENoApplyLegacyAuditPolicy be set to 1, using the mechanism described in [MS-GPSB] section 2.2.5. This avoids the conflict by preventing the event audit policies from being applied on the client.