mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Aaron Czechowski
GitHub
@ -164,9 +164,9 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
|
||||
|
||||
> **Note** **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below:
|
||||
|
||||
|
||||
@ -126,9 +126,9 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use <https://technet.microsoft.com/> or other informational resources.
|
||||
|
||||
## Security Monitoring Recommendations
|
||||
|
||||
|
||||
@ -133,7 +133,7 @@ This event generates once per session, when first access attempt was made.
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event.
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event.
|
||||
|
||||
|
||||
@ -135,7 +135,7 @@ This event generates every time network share object (file or folder) was access
|
||||
|
||||
**Access Request Information:**
|
||||
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights.
|
||||
- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights.
|
||||
|
||||
- **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user