It appears that setting an event audit policy value to No auditing resets the policy to its default value rather than disabling auditing.
For example, setting Audit account logon events to No auditing results in this:
Account Logon
Kerberos Service Ticket Operations Success
Other Account Logon Events No Auditing
Kerberos Authentication Service Success
Credential Validation Success
while setting it to Success,Failure results in this:
Account Logon
Kerberos Service Ticket Operations Success and Failure
Other Account Logon Events Success and Failure
Kerberos Authentication Service Success and Failure
Credential Validation Success and Failure
It appears that setting an event audit policy value to
No auditingresets the policy to its default value rather than disabling auditing.For example, setting
Audit account logon eventstoNo auditingresults in this:while setting it to
Success,Failureresults in this: