Auditing: Removable Storage


The HotplugSecureOpen registry key is required in order for auditing of removable devices like USB drives to work and generate event id 4663.


Stig Server:
Stig Desktop:

To fix this configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Removable Storage" with "Success" selected.