Software to prompt when something change windows 10

Hi. From time to time i see that something or someone has changed security stuff in my Windows. Its concerning because i know for a fact ive changed it and then it changes back after some unknown time just as if someone remotely does this OR windows does it by its own which would make no sense in regard to the specific things that is being changed in local security SECPOL.msc

2 examples are "Recovery console: Allow automatic administrative logon" It was set to Enabled when i had put it on disable after implementing STIG security guide!! For F sakes!! Im F#"¤ tired of this shit, because it happens all the time!
And then this one "Recovery console: Allow floppy copy and access to all drives and all folders"

One of these are critical that they be not enabled, as one can read on STIG.
Here you can read it The Recovery Console option is set to permit automatic logon to the system.

And here The Recovery Console SET command must be disabled.

"The Recovery Console SET command must be disabled.
The Recovery Console SET command allows environment variables to be set in the Recovery Console. This permits access to all drives and folders and the copying of files to removable media which could expose sensitive information. Severity "Low"

"The Recovery Console option is set to permit automatic logon to the system.
This is a Category 1 finding because if this option is set, the Recovery Console does not require you to provide a password and will automatically log on to the system, giving administrator access to system files. By default, the Recovery Console requires you to provide the password for the administrator account before accessing the system. Severity "High"

Windows 10 Pro X64 22H2 version 19045.2546

Samuria said:

The old winpatrol Download WinPatrol can do all that it monitors and advices on lots of things but you can add your own reg details if you want to do someother things

Is it able to see changes to SECPOL changes? Does it do it automatically, or do i need to manually let it know? Do i need to buy the software for that to work?

- - - Updated - - -

I bought it. Where is the settings that you can change in secpol in the registry? I want to add it to the registry so it alerts me when there is a change there. Or can i perhaps add secpol in the software and it will tell me of any change there to all secpol settings? That would be much easier!

Samuria said:

It's in registry settings you can anything there and it woofs if anything changes

Yes, but how? I want these settings monitored in secpol as seen in my picture.

Try3 said:

You need to find out which Registry entry each of those SecPol entries relates to.

The last time I took any notice of it, there was a link to the latest MS download of a list of relevant entries at
Administrative Templates for Windows 10 November 2021 Update (21H2) - TenForums
and the MS download was at
Group Policy Settings Reference Spreadsheet for Windows 10 November 2021 Update [21H2] - MSDownloads

For SecPol entries not covered by the MS download or any equivalent that you manage to find, you could monitor Registry changes using something like RegShot i.e. work through changing each SecPol entry in turn to see what Registry changes are made. That would be time-consuming & extremely tedious.
my RegShot ditty - #19 - TenForumsTutorials


Denis

Oh darn it! I wish there was some simple way of letting me know someone has changed something in Secpol. It's extremely frustrating to set something in secpol to see it being changed for unknown reason. How is that even possible? Can Windows update do that? Or is it only possible if someone has remote access to your computer?