Windows 11 KB5058919 Update Fixes Active Directory Audit Bug and Restores Trust in Windows 11 Group Policy Reporting

Problem Description

On April 11, 2025, Microsoft released the out-of-band update KB5058919 for Windows 11 22H2 (Enterprise and Education) and 23H2 (all versions) to address a significant issue affecting Active Directory Group Policy audit reporting.

Issue Details

  • The problem manifested as a reporting inconsistency in the Local Group Policy Editor and Local Security Policy.
  • Specifically, the “Audit logon events” policy appeared as “No auditing” even when logon/logoff auditing was actually enabled and functioning correctly.
  • This caused confusion for administrators, especially in environments with strict security and compliance requirements, as accurate audit logs are crucial for monitoring, investigations, and regulatory compliance.

Who Was Affected

  • Primarily enterprise and education environments using Active Directory Group Policy.
  • Home users were generally unaffected, as logon auditing is rarely required outside enterprise contexts.

Solution and Resolution

What KB5058919 Does

  • Fixes the Reporting Bug: The update ensures that the Local Group Policy Editor and Local Security Policy accurately display the status of “Audit logon events” when auditing is enabled.
  • No Impact on Actual Auditing: The underlying auditing mechanism was always operational; the issue was with how the policy status was displayed, not with the functionality itself.
  • Quality Improvements: This is a non-security, quality update, focused solely on correcting the reporting inconsistency.

How to Apply the Update

  1. The update is available only through the Microsoft Update Catalog, not via Windows Update or WSUS. Search for KB5058919 in the Microsoft Update Catalog and download the appropriate package for your Windows 11 version.
  2. Run the downloaded update file on affected systems. A reboot may be required to complete installation.
  3. After installation, open the Local Group Policy Editor (gpedit.msc) or Local Security Policy (secpol.msc). Navigate to Local Policies > Audit Policy > Audit logon events. The policy should now correctly reflect its enabled status if auditing is active.
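The check in step 3 can also be made without relying on the policy editor display, which is the component this bug affected. The script below is an added example, not taken from Microsoft's documentation for this update: it reads the effective audit settings with auditpol and confirms that logon events are reaching the Security log. It assumes an elevated PowerShell session and English subcategory names (auditpol output is localized).

```powershell
# Added example: verify logon auditing independently of gpedit.msc / secpol.msc.
# Assumptions: elevated session; English category and subcategory names.
$kb = 'KB5058919'   # KB number taken from this page

# 1. Is the update package listed as installed on this machine?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2. Effective audit policy for the Logon/Logoff category.
#    /r emits CSV; empty lines are dropped before parsing.
$effective = auditpol /get /category:"Logon/Logoff" /r |
    Where-Object { $_ } |
    ConvertFrom-Csv |
    Where-Object { $_.Subcategory -in 'Logon', 'Logoff' } |
    Select-Object Subcategory, 'Inclusion Setting'

# 3. Most recent successful logon event (ID 4624) in the Security log,
#    as evidence that auditing is producing records.
$lastLogon = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue

# Summary for the administrator.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    UpdateInstalled = [bool]$hotfix
    LogonSetting    = ($effective | Where-Object Subcategory -eq 'Logon').'Inclusion Setting'
    LogoffSetting   = ($effective | Where-Object Subcategory -eq 'Logoff').'Inclusion Setting'
    LastLogonEvent  = if ($lastLogon) { $lastLogon.TimeCreated } else { 'none found' }
} | Format-List
```

If LogonSetting reports Success and/or Failure and a recent 4624 event exists, auditing is working regardless of what the policy editor showed before the update.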

Additional Notes

  • No Action Needed for Home Users: If you are not using Active Directory Group Policy for logon auditing, this update is not necessary.
  • Cumulative Update: KB5058919 is cumulative; you do not need to install previous updates before applying it.
  • Related Updates: Similar out-of-band updates were released for Windows Server 2022 (KB5058920), 2019 (KB5058922), and 2016 (KB5058921).

If you need more guidance or step-by-step screenshots, consult the official Microsoft support page for KB5058919 or reach out to your IT support team for assistance.