From 333a0ccb6a27aab7afb3ab19a2ca749fadfbc47c Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Mon, 29 Nov 2021 15:45:27 +0530 Subject: [PATCH] 5560668-part4 --- windows/security/threat-protection/auditing/event-4672.md | 2 +- windows/security/threat-protection/auditing/event-4673.md | 2 +- windows/security/threat-protection/auditing/event-4674.md | 2 +- windows/security/threat-protection/auditing/event-4688.md | 4 ++-- windows/security/threat-protection/auditing/event-4689.md | 2 +- windows/security/threat-protection/auditing/event-4690.md | 2 +- windows/security/threat-protection/auditing/event-4691.md | 2 +- windows/security/threat-protection/auditing/event-4692.md | 2 +- windows/security/threat-protection/auditing/event-4693.md | 2 +- windows/security/threat-protection/auditing/event-4696.md | 4 ++-- windows/security/threat-protection/auditing/event-4697.md | 2 +- windows/security/threat-protection/auditing/event-4698.md | 2 +- windows/security/threat-protection/auditing/event-4699.md | 2 +- windows/security/threat-protection/auditing/event-4700.md | 2 +- windows/security/threat-protection/auditing/event-4701.md | 2 +- windows/security/threat-protection/auditing/event-4702.md | 2 +- windows/security/threat-protection/auditing/event-4703.md | 4 ++-- windows/security/threat-protection/auditing/event-4704.md | 2 +- windows/security/threat-protection/auditing/event-4705.md | 2 +- windows/security/threat-protection/auditing/event-4706.md | 2 +- windows/security/threat-protection/auditing/event-4707.md | 2 +- windows/security/threat-protection/auditing/event-4713.md | 2 +- windows/security/threat-protection/auditing/event-4715.md | 2 +- windows/security/threat-protection/auditing/event-4716.md | 2 +- windows/security/threat-protection/auditing/event-4717.md | 2 +- windows/security/threat-protection/auditing/event-4718.md | 2 +- windows/security/threat-protection/auditing/event-4719.md | 2 +- windows/security/threat-protection/auditing/event-4720.md | 4 ++-- windows/security/threat-protection/auditing/event-4722.md | 2 +- windows/security/threat-protection/auditing/event-4723.md | 2 +- 30 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index af47315a26..863cb342a4 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -110,7 +110,7 @@ You typically will see many of these events in the event log, because every logo - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 6252059b6d..f815be18a8 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -90,7 +90,7 @@ Failure event generates when service call attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 9f1b9914da..038e21fa18 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -93,7 +93,7 @@ Failure event generates when operation attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fd44f24170..651edeee10 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -108,7 +108,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". @@ -132,7 +132,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 74412386d9..3d50a5e80d 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -85,7 +85,7 @@ This event generates every time a process has exited. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index f588b637ce..84686b24aa 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -86,7 +86,7 @@ This event generates if an attempt was made to duplicate a handle to an object. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 45e0209fc6..c8ce062789 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -89,7 +89,7 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index f68457c377..639cac22bf 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -96,7 +96,7 @@ Failure event generates when a Master Key backup operation fails for some reason - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 21e769eae0..e816c4c45b 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -93,7 +93,7 @@ Failure event generates when a Master Key restore operation fails for some reaso - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index 37ca02dd04..dd8e59af94 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -92,7 +92,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -134,7 +134,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 16ace0c0a6..32489e2c4d 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -87,7 +87,7 @@ This event generates when new service was installed in the system. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index fae37ea9f2..32adfda2d6 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -95,7 +95,7 @@ This event generates every time a new scheduled task is created. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index dcea15f17d..4e94788e1f 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task was deleted. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 2a46c16d19..9fb16aefd8 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is enabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index e7bc488cc8..f6c37f2fde 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is disabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 78fee18be6..e42e4e116b 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -95,7 +95,7 @@ This event generates every time scheduled task was updated/changed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index 938491bf3a..692ef083f0 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -94,7 +94,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -116,7 +116,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index b76c240efe..824a755e4b 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index b4ecb04b99..6738fed5c9 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index 5d2f62ef77..cf21247125 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index be0c79ea65..46cc4912f4 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -86,7 +86,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index d54358f133..040a4757be 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -85,7 +85,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 6b6faa90fa..484f51c5ca 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -85,7 +85,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 7f058962db..212334d05a 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 33d3817929..22a4ae6f99 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were granted to mu - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a7e1307af2..a6b2d122b0 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were removed for m - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 1a2dabdc7e..b059b70570 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -88,7 +88,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 7e6fc9cb68..f825fb7830 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -105,7 +105,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -157,7 +157,7 @@ Typically, **Primary Group** field for new user accounts has the following value - 513 (Domain Users. For local accounts this RID means Users) – for domain and local users. - See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. + See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index c29e7669bc..6f79a8db9d 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -89,7 +89,7 @@ For computer accounts, this event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 1246930e5a..9c7be0c550 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -96,7 +96,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and ** - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.