Lsass.exe audit mode

Enable auditing of Lsass.exe to evaluate feasibility of enabling LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx

Supported on: At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe
Value NameAuditLevel
Value TypeREG_DWORD
Enabled Value8
Disabled Value0

secguide.admx

Administrative Templates (Computers)