Type
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:** diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index fe6ad3206b..d2929dbc8b 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Sensitive Privilege Use -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Sensitive Privilege Use contains events that show the usage of sensitive privileges. This is the list of sensitive privileges: diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index c852e45990..a2c7e6fe4c 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Special Logon -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Special Logon determines whether the operating system generates audit events under special sign on (or log on) circumstances. diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index f9be77c1eb..d88432587a 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit System Integrity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit System Integrity determines whether the operating system audits events that violate the integrity of the security subsystem. diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index c53c887d1f..51362e65a8 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -11,10 +11,6 @@ ms.technology: mde # Audit Token Right Adjusted -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token. diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 145e04e477..97b551d31a 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User Account Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User Account Management determines whether the operating system generates audit events when specific user account management tasks are performed. diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 6051e50d2f..f5b3b71fa8 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User/Device Claims -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User/Device Claims allows you to audit user and device claims information in the account’s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 7e9d098f5d..9e83b22f8e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index 5541fc0f63..e438366e30 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account management -**Applies to** -- Windows 10 Determines whether to audit each event of account management on a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index e52e2e7382..fb18731a64 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit directory service access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index c730790cfa..569a8335dd 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 7bb1357af3..3cc432b64b 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit object access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index a04167e8c2..3e7cc6a8ea 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit policy change -**Applies to** -- Windows 10 Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 4b6a28a415..ff6e5dff98 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit privilege use -**Applies to** -- Windows 10 Determines whether to audit each instance of a user exercising a user right. diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index c2e1ff94ca..a7f08b9c20 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit process tracking -**Applies to** -- Windows 10 Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 8c5e33028e..4201c2447f 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit system events -**Applies to** -- Windows 10 Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index fd291c792a..012b98550f 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policies -**Applies to** -- Windows 10 Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 0ddb0a6152..0b56e07522 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policy settings -**Applies to** -- Windows 10 Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 526946d4b5..054ff9b595 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- # Create a basic audit policy for an event category -**Applies to** -- Windows 10 By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default. diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index f3fbd46308..c8ac91b393 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1100(S): The event logging service has shut down. -**Applies to** -- Windows 10 -- Windows Server 2016 -
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index fecf1badde..02ac9384e5 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 1102(S): The audit log was cleared.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 8d6a8dfd16..0c5e2917af 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 1104(S): The security log is now full.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index ca327249e4..1aeaa58c8e 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 1105(S): Event log automatic backup
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index 440e411f38..1a7f0cbd1e 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index 6372e6acc2..255036037d 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4608(S): Windows is starting up.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index aba324fd61..2249612819 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4610(S): An authentication package has been loaded by the Local Security Authority.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index 50583e6f70..b4ce0a9d8d 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index c4561550d5..aa8b9ecc61 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index ca4c161420..959ef959e9 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4614(S): A notification package has been loaded by the Security Account Manager.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index 6c8f9cd7ac..82dbd7d648 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4615(S): Invalid use of LPC port.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
It appears that this event never occurs.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 690bde945f..2fc4b43b2c 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4616(S): The system time was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index c1bc41f942..baa0727774 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4618(S): A monitored security event pattern has occurred.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
***Subcategory:*** [Audit System Integrity](audit-system-integrity.md)
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index 9ffb0fee15..d3475dbb08 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,9 +16,6 @@ ms.technology: mde
# 4621(S): Administrator recovered system from CrashOnAuditFail.
-**Applies to**
-- Windows 10
-- Windows Server 2016
This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index 46f54afcca..5404c4491b 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4622(S): A security package has been loaded by the Local Security Authority.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
@@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10:
For 4622(S): A security package has been loaded by the Local Security Authority.
-- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not.
\ No newline at end of file
+- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not.
\ No newline at end of file
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index a61449dada..6a36fda6d7 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4624(S): An account was successfully logged on.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index d613787ba3..ec92960ecc 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4625(F): An account failed to log on.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index 667de4c561..1aba2f1f3b 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4626(S): User/Device claims information.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index 4a4fce1919..8ad79efcb2 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4627(S): Group membership information.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index b0541e2dbb..16bf3e049d 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 11/20/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4634(S): An account was logged off.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 14dc2a7083..01428dba45 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4647(S): User initiated logoff.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index 44eb565de4..8d81d41573 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4648(S): A logon was attempted using explicit credentials.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index 06ae9ca1aa..75f1bf3c96 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4649(S): A replay attack was detected.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index 7332ad06b8..7aee847e93 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4656(S, F): A handle to an object was requested.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index e0d0985203..39cb4e6052 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4657(S): A registry value was modified.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index 85b56fb6d0..0acb8a0b2f 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4658(S): The handle to an object was closed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 7a921090fd..871435d568 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4660(S): An object was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index 27afd56d00..77da9a1780 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4661(S, F): A handle to an object was requested.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index b9d488c090..7950f49912 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4662(S, F): An operation was performed on an object.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index efa297ac08..d85a14bddf 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4663(S): An attempt was made to access an object.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index 9c99e5f2bc..36c3d8aa08 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4664(S): An attempt was made to create a hard link.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index ea7d4dcf1e..0f070cd8f8 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4670(S): Permissions on an object were changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index fb46f1fb5a..cc53508b8f 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,11 +16,7 @@ ms.technology: mde
# 4671(-): An application attempted to access a blocked ordinal through the TBS.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
-
+*
Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system.
***Subcategory:*** [Audit Other Object Access Events](audit-other-object-access-events.md)
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index 479e31207b..3e563025ba 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 12/20/2018
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4672(S): Special privileges assigned to new logon.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index cf5ef8d500..82e7ac1332 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4673(S, F): A privileged service was called.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index 734ce174c2..7a4b1a3654 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4674(S, F): An operation was attempted on a privileged object.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index 0af7742f2c..f2a5d0c97e 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4675(S): SIDs were filtered.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates when SIDs were filtered for specific Active Directory trust.
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index fbb93d7b9b..12b9206a7f 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4688(S): A new process has been created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index 99bee451d9..49ec3f5924 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4689(S): A process has exited.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index d7a23d1da4..14d2dcb02d 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4690(S): An attempt was made to duplicate a handle to an object.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index c7ea74bdd7..30a869d7fc 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4691(S): Indirect access to an object was requested.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index 064c922cb4..7e1e0b5ab9 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4692(S, F): Backup of data protection master key was attempted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 1359ef1968..1bf4eef838 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4693(S, F): Recovery of data protection master key was attempted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index 0b35bda1ba..c6e3ca0a8c 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4694(S, F): Protection of auditable protected data was attempted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10)) [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function was used with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 9acd287be1..55d37910f6 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4695(S, F): Unprotection of auditable protected data was attempted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10)) [CryptUnprotectData](/windows/win32/api/dpapi/nf-dpapi-cryptunprotectdata)() function was used to unprotect “auditable” data that was encrypted using [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index f156dc723b..c426f2bd9e 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4696(S): A primary token was assigned to process.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 870352146b..4c6103a175 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4697(S): A service was installed in the system.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index 9ca662fa59..e3f0385c69 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4698(S): A scheduled task was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index dd814dd942..b48820c643 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4699(S): A scheduled task was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index e72f7d19f0..6c44dbfa8d 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4700(S): A scheduled task was enabled.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index e407e2bbbb..0fa78f8923 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4701(S): A scheduled task was disabled.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 15d128ceef..2ae3e2b5e3 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4702(S): A scheduled task was updated.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index e8b7ecded9..a2d0ea1520 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4703(S): A user right was adjusted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index cb6b95669b..04357bb664 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4704(S): A user right was assigned.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index 5588e33560..0da39782ac 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4705(S): A user right was removed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index e0abbded89..5bceee43f2 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4706(S): A new trust was created to a domain.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index f16f66bdcd..66c5a3a235 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4707(S): A trust to a domain was removed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index 032446b19b..1fc0eda8ae 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4713(S): Kerberos policy was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index d7c176a754..c95647f342 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4714(S): Encrypted data recovery policy was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index d4e9d14839..54836c643a 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4715(S): The audit policy (SACL) on an object was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index 1cd47c82c4..3b035321b0 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/04/2019
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4716(S): Trusted domain information was modified.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index bd3378f122..0d79674053 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4717(S): System security access was granted to an account.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index 4c8c676ce4..22f9f3a64a 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4718(S): System security access was removed from an account.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index 98469b6945..dc67d391cf 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4719(S): System audit policy was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index 1569aebb53..1500cd23c9 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4720(S): A user account was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index e156a9bedf..6b10efb7c8 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4722(S): A user account was enabled.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index 8a2eb1aa9b..2208f2ae0e 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4723(S, F): An attempt was made to change an account's password.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index f360a13828..104704dc32 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4724(S, F): An attempt was made to reset an account's password.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index 5be795b261..0b6ed0593a 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4725(S): A user account was disabled.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index f8f7ffba8c..03f7cab6c8 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4726(S): A user account was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index 78d8e0e0c8..ecbe498b31 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4731(S): A security-enabled local group was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index 2619367fa3..b837e2da3a 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4732(S): A member was added to a security-enabled local group.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index 219ebdc036..1ff01f46dd 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4733(S): A member was removed from a security-enabled local group.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index df33b3726f..7fc762a800 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4734(S): A security-enabled local group was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index 14d1e6df28..ebd05f8b62 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4735(S): A security-enabled local group was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index f62d7e4ba8..1beea8a564 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4738(S): A user account was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index e3268f4c69..d8417cef87 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4739(S): Domain Policy was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index db7139e935..095b90641e 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4740(S): A user account was locked out.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 6c83f23d1e..c09ba86137 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4741(S): A computer account was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index 5d0cda5110..b838e77a00 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4742(S): A computer account was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index 3402a5e1d7..064855d936 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4743(S): A computer account was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index 478ae9e021..e1990c4f1e 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4749(S): A security-disabled global group was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index 1a8a03f92a..9ebd361c00 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4750(S): A security-disabled global group was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index cc06f2ae5d..c187c0da6a 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4751(S): A member was added to a security-disabled global group.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index ef79c01bca..642eb6b948 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4752(S): A member was removed from a security-disabled global group.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index 45b9de0d33..cf4ada677c 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4753(S): A security-disabled global group was deleted.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 3b50ba9bf1..073049f2bf 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,9 +16,6 @@ ms.technology: mde
# 4764(S): A group’s type was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index ff685d9081..472f9a92d0 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4765(S): SID History was added to an account.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates when [SID History](/windows/win32/adschema/a-sidhistory) was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index 7593423b22..bf5820689e 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4766(F): An attempt to add SID History to an account failed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event generates when an attempt to add [SID History](/windows/win32/adschema/a-sidhistory) to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index cf7b13e4f0..4b580f7dc0 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4767(S): A user account was unlocked.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 64156ecd85..9509c1486b 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
:::image type="content" alt-text="Event 4768 illustration." source="images/event-4768.png":::
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index 5c460724b8..1790274e2c 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4769(S, F): A Kerberos service ticket was requested.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index ac38dc82f9..6a1627d7df 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4770(S): A Kerberos service ticket was renewed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index c5aea23ecb..9891a617a0 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 07/23/2020
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4771(F): Kerberos pre-authentication failed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index 2124b16bb1..c93994b2ed 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4772(F): A Kerberos authentication ticket request failed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4768](event-4768.md) failure event is generated instead.
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index ba672478d8..3d4e1fe09b 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4773(F): A Kerberos service ticket request failed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4769](event-4769.md) failure event is generated instead.
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index 08eb0fe72f..4c01962461 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,9 +16,6 @@ ms.technology: mde
# 4774(S, F): An account was mapped for logon.
-**Applies to**
-- Windows 10
-- Windows Server 2016
Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx).
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index cf27ccdf2a..c9e4a319e8 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4775(F): An account could not be mapped for logon.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
It appears that this event never occurs.
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index 8b9727aaa0..4fde7cba9b 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -16,10 +16,6 @@ ms.technology: mde
# 4776(S, F): The computer attempted to validate the credentials for an account.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 28a4b42d08..f5b01ce6aa 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4777(F): The domain controller failed to validate the credentials for an account.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4776](event-4776.md) failure event is generated instead.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index 8293e41487..f7278c0017 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4778(S): A session was reconnected to a Window Station.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 29836498cc..3f34f106e4 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4779(S): A session was disconnected from a Window Station.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 00faedae10..94b8733eab 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4780(S): The ACL was set on accounts which are members of administrators groups.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
Every hour, the domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative or security-sensitive groups and which have AdminCount attribute = 1 against the ACL on the [AdminSDHolder](/previous-versions/technet-magazine/ee361593(v=msdn.10)) object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 2adb3bcac5..0e7051d0c0 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4781(S): The name of an account was changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index e0ecc19336..0d7d285e29 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4782(S): The password hash of an account was accessed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index 4b75a802d5..d471201647 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4793(S): The Password Policy Checking API was called.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 6e585048c1..6901d09cbe 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 3fddfd9b65..15a1328384 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4798(S): A user's local group membership was enumerated.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 18b337fcdc..92441ae64b 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4799(S): A security-enabled local group membership was enumerated.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index 92c543f8b0..2e468c9d92 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4800(S): The workstation was locked.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index ed7c8ec85c..7da15cbbe7 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4801(S): The workstation was unlocked.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 9f5fa2b8e3..7ea6add001 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4802(S): The screen saver was invoked.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 20304e4527..4971789fd3 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4803(S): The screen saver was dismissed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 9e36c52bb1..a2c127435d 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4816(S): RPC detected an integrity violation while decrypting an incoming message.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This message generates if RPC detected an integrity violation while decrypting an incoming message.
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 0b0fc16bf7..3744b68704 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4817(S): Auditing settings on object were changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index 05266e39e5..c71a145e05 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index 3751b39e45..f3acc685b2 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4819(S): Central Access Policies on the machine have been changed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 2e78b4c653..27f8cbeb41 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4826(S): Boot Configuration Data loaded.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index ca1995291e..aec977eddd 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4864(S): A namespace collision was detected.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This event is generated when a namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index 063eb88afc..994d2407a3 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4865(S): A trusted forest information entry was added.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 922d662887..ad75bb1d68 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4866(S): A trusted forest information entry was removed.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index a8fdb4a693..e82918ba71 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4867(S): A trusted forest information entry was modified.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index d5a7640b84..67d2817434 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4902(S): The Per-user audit policy table was created.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index 268606eab6..0a72ca6e45 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
# 4904(S): An attempt was made to register a security event source.
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
