deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Auditing: add MD code block to table keywords

Browse Source 
Description:
This PR aims to block keywords and values from being translated to
another language, keeping the values and keywords intact, in response
to the windows-itpro-docs issue ticket #4995.

Proposed changes:

- Surround Logon Type values and Logon Title keywords with MD code
  block markers (back ticks) to keep them from being translated by MT.
- Add XML indentation to the XML for the layout to be shown properly.

Thanks to @takondo for pointing out the uselessness in translating
these parts of the table when the document is machine translated.

Ref. issue ticket #4995

(The ticket can be closed when this commit is successfully migrated
  and shown to be effective against machine translation.)
This commit is contained in:
illfated 2019-09-24 20:09:52 +02:00
parent 87c19e15ba
commit 1d4bc9423c
1 changed files with 60 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
windows/security/threat-protection/auditing/event-4624.md
View File

@ -33,9 +33,10 @@ This event generates when a logon session is created (on destination machine). I
<br clear="all"> <br clear="all">
***Event XML:*** ***Event XML:***
``` ```xml
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <?xml version="1.0"?>
- <System> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
<EventID>4624</EventID> <EventID>4624</EventID>
<Version>2</Version> <Version>2</Version>
@ -51,7 +52,7 @@ This event generates when a logon session is created (on destination machine). I
<Computer>WIN-GG82ULGC9GO</Computer> <Computer>WIN-GG82ULGC9GO</Computer>
<Security/> <Security/>
</System> </System>
- <EventData> <EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data> <Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data> <Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data> <Data Name="SubjectDomainName">WORKGROUP</Data>
@ -81,7 +82,6 @@ This event generates when a logon session is created (on destination machine). I
<Data Name="ElevatedToken">%%1842</Data> <Data Name="ElevatedToken">%%1842</Data>
</EventData> </EventData>
</Event> </Event>
``` ```
***Required Server Roles:*** None. ***Required Server Roles:*** None.
@ -145,16 +145,16 @@ This event generates when a logon session is created (on destination machine). I
## Logon types and descriptions ## Logon types and descriptions
| Logon Type | Logon Title | Description | | Logon Type | Logon Title | Description |
|------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |:----------:|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 2 | Interactive | A user logged on to this computer. | | `2` | `Interactive` | A user logged on to this computer. |
| 3 | Network | A user or computer logged on to this computer from the network. | | `3` | `Network` | A user or computer logged on to this computer from the network. |
| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. | | `4` | `Batch` | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |
| 5 | Service | A service was started by the Service Control Manager. | | `5` | `Service` | A service was started by the Service Control Manager. |
| 7 | Unlock | This workstation was unlocked. | | `7` | `Unlock` | This workstation was unlocked. |
| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). | | `8` | `NetworkCleartext` | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |
| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. | | `9` | `NewCredentials` | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |
| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. | | `10` | `RemoteInteractive` | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |
| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. | | `11` | `CachedInteractive` | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10. - **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.