Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
Windows 10 can generate Policy Change auditing events with ID 4703. These events are generated when your audit policy settings are set to SUCCESS and the requested action succeeds.
Policy Change auditing is usually set to to audit FAIL events. When you change this setting to SUCCESS, you may receive multiple events in your security log. These events may not be critical security events, which can require an extensive amount of time to troubleshoot and resolve.
LEM 6.3 will not normalize ID 4703 events related to your LEM agent. You can disable the SUCCESS auditing policy in the group policy console located at:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy