This security policy setting determines whether the operating system generates audit events when any of the following security group management tasks are performed:

• A security group is created, changed, or deleted.
• A member is added to or removed from a security group.
• A group's type is changed.
• Security groups can be used for access control permissions and also as distribution lists.

Event volume: Low

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

• 4727: A security-enabled global group was created.
• 4728: A member was added to a security-enabled global group.
• 4729: A member was removed from a security-enabled global group.
• 4730: A security-enabled global group was deleted.
• 4731: A security-enabled local group was created.
• 4732: A member was added to a security-enabled local group.
• 4733: A member was removed from a security-enabled local group.
• 4734: A security-enabled local group was deleted.
• 4735: A security-enabled local group was changed.
• 4737: A security-enabled global group was changed.
• 4754: A security-enabled universal group was created.
• 4755: A security-enabled universal group was changed.
• 4756: A member was added to a security-enabled universal group.
• 4757: A member was removed from a security-enabled universal group.
• 4758: A security-enabled universal group was deleted.
• 4764: A group's type was changed.