I am a developer on a browser (Firefox) and I am working with Restricted Tokens to lock down our sandbox further than it is currently. I am removing a SID from our content process, and it breaks things. Identifying the specific thing it breaks would be much easier if Windows could just tell me (with as much detail as possible) any function call the application made that failed due to not having permission to do the [whatever].
Is it possible to have Event Viewer spit out every failed access control check an application makes?
(I have looked at the Application/Security Logs under 'Windows' in Event Viewer, but they did not contain anything.)
The event log doesn't generate the events that get logged. You need to enable audit logging for the actions that you want logged.
You can enable auditing either with Group Policy or in the Local Security Policy of the computer.
I think the answer to this is yes, by setting "Audit object access" to Failure (or All).
From https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-object-access
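The steps the answers above describe, as an added PowerShell example that is not part of the original posts: it enables failure auditing for object access, adds a failure audit entry to one directory, and lists the failed handle requests made by the browser. The directory path is a placeholder, and `firefox.exe` as the process image name and the English category name "Object Access" are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt.

# 1. Turn on failure auditing for every subcategory under "Object Access"
#    (command-line equivalent of setting "Audit object access" to Failure).
auditpol /set /category:"Object Access" /failure:enable

# 2. Object-access events are only written for objects whose SACL contains a
#    matching audit entry, so add a Failure audit rule to the directory under test.
$dir  = 'C:\path\to\directory-under-test'   # placeholder: replace with a real path
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone', 'FullControl',
            'ContainerInherit,ObjectInherit', 'None', 'Failure')
$acl  = Get-Acl -Path $dir -Audit            # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $dir -AclObject $acl

# 3. Reproduce the breakage, then read the failed handle requests (event 4656)
#    from the Security log and keep only those made by the browser process.
$auditFailure = 0x10000000000000             # "Audit Failure" keyword bit
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4656; Keywords = $auditFailure } |
    ForEach-Object {
        # Flatten the <EventData> name/value pairs into a hashtable.
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$n.Name] = $n.'#text'
        }
        if ($data['ProcessName'] -like '*\firefox.exe') {   # assumed image name
            [pscustomobject]@{
                Time       = $_.TimeCreated
                ObjectType = $data['ObjectType']
                ObjectName = $data['ObjectName']
                AccessMask = $data['AccessMask']
                Process    = $data['ProcessName']
            }
        }
    } | Format-Table -AutoSize
```

Registry keys need their own audit entries before failures on them are logged; the same pattern applies with `System.Security.AccessControl.RegistryAuditRule`.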