Are advanced audit policies applied by group policy compatible with basic audit policies?

Advanced audit policies and basic audit policies serve different functions in Windows security auditing. Advanced audit policies, introduced in Windows Vista and Windows Server 2008, allow for more granular control over what events are audited compared to basic audit policies.

When using advanced audit policies, they can specify different categories of events with fine-tuned settings, allowing administrators to include or exclude specific types of actions related to users, groups, or system processes.

On the other hand, basic audit policies provide a more general approach to auditing, where events are either enabled or disabled for broad categories such as logon events or object access. When both types of policies are applied through group policy, they do not operate in concert but rather create a hierarchy where the more detailed advanced audit policies take precedence over the broader basic audit policies. This results in the basic policies being effectively ignored when advanced policies are enforced.

Thus, the answer reflects that advanced audit policies are not compatible with basic policies in a way that they can coexist; the application of advanced policies overrides the basic ones, leading to the conclusion that they cannot work together efficiently.