Yeah I actually seen scanners, a long time ago though, but that's not what I meant.

anyway thanks secure_lockdown,

I eventually found Audit policy like you said and I just checked
successes and failures on Audit Policy Change.

Thanks for the tip sysmin770, I'll take it on board.