mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
Updated for 5358843-files76to100
This commit is contained in:
Ashok Lobo
@ -14,14 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.technology: mde
|
ms.technology: mde
|
||||||
---
|
---
|
||||||
|
|
||||||
# Create a basic audit policy for an event category
|
# Create a basic audit policy for an event category
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
|
|
||||||
By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default.
|
By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default.
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 1100(S): The event logging service has shut down.
|
# 1100(S): The event logging service has shut down.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-1100.png" alt="Event 1100 illustration" width="449" height="317" hspace="10" align="left" />
|
<img src="images/event-1100.png" alt="Event 1100 illustration" width="449" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 1102(S): The audit log was cleared.
|
# 1102(S): The audit log was cleared.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-1102.png" alt="Event 1102 illustration" width="449" height="336" hspace="10" align="left" />
|
<img src="images/event-1102.png" alt="Event 1102 illustration" width="449" height="336" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 1104(S): The security log is now full.
|
# 1104(S): The security log is now full.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-1104.png" alt="Event 1104 illustration" width="449" height="317" hspace="10" align="left" />
|
<img src="images/event-1104.png" alt="Event 1104 illustration" width="449" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 1105(S): Event log automatic backup
|
# 1105(S): Event log automatic backup
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-1105.png" alt="Event 1105 illustration" width="572" height="317" hspace="10" align="left" />
|
<img src="images/event-1105.png" alt="Event 1105 illustration" width="572" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
|
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-1108.png" alt="Event 1108 illustration" width="613" height="429" hspace="10" align="left" />
|
<img src="images/event-1108.png" alt="Event 1108 illustration" width="613" height="429" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4608(S): Windows is starting up.
|
# 4608(S): Windows is starting up.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4608.png" alt="Event 4608 illustration" width="449" height="317" hspace="10" align="top" />
|
<img src="images/event-4608.png" alt="Event 4608 illustration" width="449" height="317" hspace="10" align="top" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4610(S): An authentication package has been loaded by the Local Security Authority.
|
# 4610(S): An authentication package has been loaded by the Local Security Authority.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4610.png" alt="Event 4610 illustration" width="656" height="317" hspace="10" align="left" />
|
<img src="images/event-4610.png" alt="Event 4610 illustration" width="656" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
|
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4611.png" alt="Event 4611 illustration" width="449" height="393" hspace="10" align="left" />
|
<img src="images/event-4611.png" alt="Event 4611 illustration" width="449" height="393" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
|
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.
|
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4614(S): A notification package has been loaded by the Security Account Manager.
|
# 4614(S): A notification package has been loaded by the Security Account Manager.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4614.png" alt="Event 4614 illustration" width="449" height="317" hspace="10" align="left" />
|
<img src="images/event-4614.png" alt="Event 4614 illustration" width="449" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4615(S): Invalid use of LPC port.
|
# 4615(S): Invalid use of LPC port.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
It appears that this event never occurs.
|
It appears that this event never occurs.
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4616(S): The system time was changed.
|
# 4616(S): The system time was changed.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4616.png" alt="Event 4616 illustration" width="522" height="518" hspace="10" align="top" />
|
<img src="images/event-4616.png" alt="Event 4616 illustration" width="522" height="518" hspace="10" align="top" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4618(S): A monitored security event pattern has occurred.
|
# 4618(S): A monitored security event pattern has occurred.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
***Subcategory:*** [Audit System Integrity](audit-system-integrity.md)
|
***Subcategory:*** [Audit System Integrity](audit-system-integrity.md)
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,9 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4621(S): Administrator recovered system from CrashOnAuditFail.
|
# 4621(S): Administrator recovered system from CrashOnAuditFail.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.
|
This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4622(S): A security package has been loaded by the Local Security Authority.
|
# 4622(S): A security package has been loaded by the Local Security Authority.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4622.png" alt="Event 4622 illustration" width="449" height="317" hspace="10" align="left" />
|
<img src="images/event-4622.png" alt="Event 4622 illustration" width="449" height="317" hspace="10" align="left" />
|
||||||
|
|
||||||
@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10:
|
|||||||
|
|
||||||
For 4622(S): A security package has been loaded by the Local Security Authority.
|
For 4622(S): A security package has been loaded by the Local Security Authority.
|
||||||
|
|
||||||
- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not.
|
- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not.
|
||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4624(S): An account was successfully logged on.
|
# 4624(S): An account was successfully logged on.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />
|
<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4625(F): An account failed to log on.
|
# 4625(F): An account failed to log on.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4625.png" alt="Event 4625 illustration" width="449" height="780" hspace="10" align="top" />
|
<img src="images/event-4625.png" alt="Event 4625 illustration" width="449" height="780" hspace="10" align="top" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4626(S): User/Device claims information.
|
# 4626(S): User/Device claims information.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4626.png" alt="Event 4626 illustration" width="549" height="771" hspace="10" align="left" />
|
<img src="images/event-4626.png" alt="Event 4626 illustration" width="549" height="771" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4627(S): Group membership information.
|
# 4627(S): Group membership information.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4627.png" alt="Event 4627 illustration" width="554" height="896" hspace="10" align="left" />
|
<img src="images/event-4627.png" alt="Event 4627 illustration" width="554" height="896" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 11/20/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4634(S): An account was logged off.
|
# 4634(S): An account was logged off.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4634.png" alt="Event 4634 illustration" width="449" height="431" hspace="10" align="left" />
|
<img src="images/event-4634.png" alt="Event 4634 illustration" width="449" height="431" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4647(S): User initiated logoff.
|
# 4647(S): User initiated logoff.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4647.png" alt="Event 4647 illustration" width="449" height="392" hspace="10" align="left" />
|
<img src="images/event-4647.png" alt="Event 4647 illustration" width="449" height="392" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4648(S): A logon was attempted using explicit credentials.
|
# 4648(S): A logon was attempted using explicit credentials.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4648.png" alt="Event 4648 illustration" width="486" height="663" hspace="10" align="left" />
|
<img src="images/event-4648.png" alt="Event 4648 illustration" width="486" height="663" hspace="10" align="left" />
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4649(S): A replay attack was detected.
|
# 4649(S): A replay attack was detected.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.
|
This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 04/19/2017
|
ms.date: 09/07/2021
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -16,10 +16,6 @@ ms.technology: mde
|
|||||||
|
|
||||||
# 4656(S, F): A handle to an object was requested.
|
# 4656(S, F): A handle to an object was requested.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows Server 2016
|
|
||||||
|
|
||||||
|
|
||||||
<img src="images/event-4656.png" alt="Event 4656 illustration" width="764" height="895"/>
|
<img src="images/event-4656.png" alt="Event 4656 illustration" width="764" height="895"/>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user