mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-22 13:53:39 +00:00
updated links
This commit is contained in:
Beth Levin
@ -158,7 +158,7 @@ This event generates when a logon session is created (on destination machine). I
|
|||||||
|
|
||||||
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
|
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
|
||||||
|
|
||||||
Reference: <http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx>.
|
Reference: <https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx>.
|
||||||
|
|
||||||
If not a **RemoteInteractive** logon, then this will be "-" string.
|
If not a **RemoteInteractive** logon, then this will be "-" string.
|
||||||
|
|
||||||
|
|||||||
@ -30,7 +30,7 @@ This event generates each time the [Password Policy Checking API](https://msdn.m
|
|||||||
|
|
||||||
The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.
|
The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.
|
||||||
|
|
||||||
This event, for example, generates during Directory Services Restore Mode ([DSRM](http://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx)) account password reset procedure to check new DSRM password.
|
This event, for example, generates during Directory Services Restore Mode ([DSRM](https://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx)) account password reset procedure to check new DSRM password.
|
||||||
|
|
||||||
This event generates on the computer where Password Policy Checking API was called.
|
This event generates on the computer where Password Policy Checking API was called.
|
||||||
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
|
|||||||
|
|
||||||
More information about Special Groups auditing can be found here:
|
More information about Special Groups auditing can be found here:
|
||||||
|
|
||||||
<http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
|
<https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
|
||||||
|
|
||||||
<https://support.microsoft.com/kb/947223>
|
<https://support.microsoft.com/kb/947223>
|
||||||
|
|
||||||
|
|||||||
@ -26,7 +26,7 @@ ms.author: dansimp
|
|||||||
|
|
||||||
***Event Description:***
|
***Event Description:***
|
||||||
|
|
||||||
This event generates when [resource attributes](http://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx) of the file system object were changed.
|
This event generates when [resource attributes](https://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx) of the file system object were changed.
|
||||||
|
|
||||||
Resource attributes for file or folder can be changed, for example, using Windows File Explorer (object’s Properties->Classification tab).
|
Resource attributes for file or folder can be changed, for example, using Windows File Explorer (object’s Properties->Classification tab).
|
||||||
|
|
||||||
|
|||||||
@ -26,7 +26,7 @@ ms.author: dansimp
|
|||||||
|
|
||||||
***Event Description:***
|
***Event Description:***
|
||||||
|
|
||||||
This event occurs when an account that is a member of any defined [Special Group](http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) logs in.
|
This event occurs when an account that is a member of any defined [Special Group](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) logs in.
|
||||||
|
|
||||||
> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
|
> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ This event occurs when an account that is a member of any defined [Special Group
|
|||||||
|
|
||||||
> S-1-5-32-544;S-1-5-32-123-54-65
|
> S-1-5-32-544;S-1-5-32-123-54-65
|
||||||
|
|
||||||
> For more information see: <http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
|
> For more information see: <https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
|
||||||
|
|
||||||
***Field Descriptions:***
|
***Field Descriptions:***
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -26,9 +26,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
|
|||||||
|
|
||||||
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
|
- <https://www.microsoft.com/download/details.aspx?id=1251>
|
||||||
|
|
||||||
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
|
- <https://www.microsoft.com/download/details.aspx?id=30688>
|
||||||
|
|
||||||
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.
|
||||||
|
|
||||||
|
|||||||
@ -77,7 +77,7 @@ You can use existing System Center Configuration Manager functionality to create
|
|||||||
>
|
>
|
||||||
> This can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1.
|
> This can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1.
|
||||||
> This registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status".
|
> This registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status".
|
||||||
Refer to the following ConfigMgr article for more information: https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule
|
Refer to the following ConfigMgr article for more information: https://docs.microsoft.com/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule
|
||||||
|
|
||||||
|
|
||||||
### Configure sample collection settings
|
### Configure sample collection settings
|
||||||
|
|||||||
Reference in New Issue
Block a user