Error Access Audit by Policy 785 (0x311): How to Fix it

To fix this error, adjust your Group Policy settings


ERROR_ACCESS_AUDIT_BY_POLICY usually affects system administrators, and it will prevent you from accessing certain components. However, here’s what you can do to fix this.

How can I fix ERROR_ACCESS_AUDIT_BY_POLICY?

1. Identify the blocked resource

  1. Press the Windows key + X and choose Event Viewer.
  2. Next, go to Windows Logs and choose Security.
  3. Look for events 4656, 4663, or 5145.
  4. Check the Policy Rule ID and the blocked resource path.
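
The same lookup can be done from an elevated PowerShell session instead of clicking through Event Viewer. This is an added example, not part of the original article; the 24-hour window, the 500-event limit and the variable names are assumptions to adjust.

```powershell
# Added example: summarize the object-access events named in step 1.
# Run as administrator; reading the Security log requires elevation.
$eventIds = 4656, 4663, 5145          # IDs listed in the step above
$since    = (Get-Date).AddHours(-24)  # assumed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = $eventIds
    StartTime = $since
} -MaxEvents 500 -ErrorAction SilentlyContinue

$records = foreach ($evt in $events) {
    # Flatten <EventData><Data Name="..."> into a name/value table
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # 5145 (network share access) has ShareName + RelativeTargetName
    # instead of the ObjectName used by 4656 and 4663
    $target = if ($data['ObjectName']) { $data['ObjectName'] } else {
        '{0}\{1}' -f $data['ShareName'], $data['RelativeTargetName']
    }

    [pscustomobject]@{
        Time    = $evt.TimeCreated
        EventId = $evt.Id
        Result  = $evt.KeywordsDisplayNames -join ','  # Audit Success / Audit Failure
        User    = $data['SubjectUserName']
        Process = $data['ProcessName']                 # empty for 5145
        Target  = $target
        Mask    = $data['AccessMask']
    }
}

# Most recent events first, then the resources that show up most often
$records | Sort-Object Time -Descending | Select-Object -First 20 | Format-Table -AutoSize
$records | Group-Object Target, User | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Rows marked Audit Failure show the path and account to look at in the later steps.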

2. Check your Group Policy settings

  1. Press Windows key + R, type gpedit.msc, and click OK to open the Group Policy Editor.
  2. Now navigate to Computer Configuration and select Windows Settings.
  3. Select Security Settings and then Advanced Audit Policy Configuration. Lastly, go to System Audit Policies.
  4. Now look for any audit policy settings related to File System, Object Access, or Application Control.
  5. If the policy is blocking access, double-click on it, disable or modify enforcement rules and save changes.

3. Check Windows Defender Application Control

  1. Press Windows key + S and type powershell. Choose Run as administrator.
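  2. Next, run Get-CIPolicy -FilePath <path-to-policy.xml> to list the rules in the policy. Replace <path-to-policy.xml> with the path to your policy XML file.
  3. If the policy is restricting access, stop it from enforcing by enabling rule option 3 (Enabled:Audit Mode) in the policy XML: Set-RuleOption -FilePath <path-to-policy.xml> -Option 3. The command only edits the XML file, so redeploy the policy for the change to take effect.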

4. Adjust folder permissions

  1. Right-click the blocked file or folder and choose Properties.
  2. Next, go to the Security tab and choose Advanced.
  3. Ensure that your user has the necessary permissions.
  4. If it doesn’t, adjust them accordingly.

5. Disable auditing for the resource

  1. Open Command Prompt as administrator.
  2. Next, run the following command: auditpol /set /subcategory:"File System" /success:disable /failure:disable
  3. Be sure to replace “File System” with the correct category from Event Viewer.

You can often recognize ERROR_ACCESS_AUDIT_BY_POLICY by the following error message: 785 (0x311) Access to %1 is monitored by policy rule %2.

In most cases, identifying the blocked resource and adjusting your settings should help with this error.

We have covered similar issues in the past, and to learn more visit our AGP_INVALID_ACCESS and ERROR_DIRECT_ACCESS_HANDLE articles.
