Add "Advanced Audit Policy" Rule Handling

[FrederickGeek8]

Pull Request (PR) description:

This PR adds proper handling for "Advanced Audit Policy" rules that were not being applied (as was reported in #1533). These rules appear in Windows 10, 11, and Server STIGs are currently are no-ops. In essence, this PR is just changing the parsing logic of AuditPolicyRule to support the new language used by those items.

This PR is marked as "WIP", but please do a review and help me answer some PowerStig contribution-specific questions :)

• My approach was to break copy AuditPolicyRuleConvert into a new file rather than overload the parsing of AuditPolicyRuleConvert. Do we want to keep this delineation or merge the two?
• I was not creative when I came up with the name "AuditPolicyRuleAdvancedConvert". What should we change it to?
• I did not update or write any unit tests. I manually tested my code with a few checklists. I will have to figure out how tests are written in this repo. Suggestions on how to approach tests would be appreciated.
• Once we are happy with the code, I will update the xml outputs that are stored in the repo. For now, I have not added the updated outputs.

This Pull Request (PR) fixes the following issues:

This PR fixes #1533 (and other related STIGs like Win11 and WinServer)

Task list:

• Change details added to Unreleased section of CHANGELOG.md (Not required for Convert modules)?
• Added/updated documentation, comment-based help and descriptions where appropriate?
• Examples appropriately updated?
• New/changed code adheres to Style Guidelines?
• Unit and (optional) Integration tests created/updated where possible?

I'd appreciate answers to my "WIP blocking" questions above and other feedback on this approach. Thanks!

[FrederickGeek8]

@microsoft-github-policy-service agree company="Full Spectrum Software LLC"

[FrederickGeek8]

@MrAutomater can you (or someone else) take a look at this and tell me if it's a reasonable approach for addressing #1533?

If I get a thumbs up for this general approach then I can work on adding tests, rebasing, and updating generated files.

Thanks!

[MrAutomater]

I am on vacation this week, but I can take a look when I get back next week and let you know Thanks, Jerry Martin

…

________________________________ From: Frederick Morlock ***@***.***> Sent: Monday, 22 June 2026 12:30:36 To: microsoft/PowerStig ***@***.***> Cc: Jerry Martin ***@***.***>; Mention ***@***.***> Subject: Re: [microsoft/PowerStig] Add "Advanced Audit Policy" Rule Handling (PR #1556) [https://avatars.githubusercontent.com/u/774597?s=20&v=4]FrederickGeek8 left a comment (microsoft/PowerStig#1556)<#1556 (comment)> @MrAutomater<https://github.com/MrAutomater> can you (or someone else) take a look at this and tell me if it's a reasonable approach for addressing #1533<#1533>? If I get a thumbs up for this general approach then I can work on adding tests, rebasing, and updating generated files. Thanks! — Reply to this email directly, view it on GitHub<#1556?email_source=notifications&email_token=AICAG35DVAHXEAP7T3BJIN35BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4771055020>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AICAG34FYYO3JNUNZVWIMDL5BFULZAVCNFSNUABFKJSXA33TNF2G64TZHMYTGMRRGAYDKMRZHNEXG43VMU5TINRYGUYTQMJVGM42C5QC>. Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS<https://github.com/notifications/mobile/ios/AICAG3ZJZMAH5Q5G3Z4GQWD5BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJKTGN5XXIZLSL5UW64Y> and Android<https://github.com/notifications/mobile/android/AICAG343N7Y33E2QVWPHQP35BFULZA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINZXGEYDKNJQGIYKM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLTGN5XXIZLSL5QW4ZDSN5UWI>. Download it today! You are receiving this because you were mentioned.Message ID: ***@***.***>