Updated for 5358843-files176to200

2025-05-13 13:57:22 +00:00 · 2021-09-07 18:02:06 +05:30 · 2021-09-07 18:02:06 +05:30 · c3fbd0d66d
commit c3fbd0d66d
parent 607c914c8d
25 changed files with 25 additions and 125 deletions
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4777(F): The domain controller failed to validate the credentials for an account.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4776](event-4776.md) failure event is generated instead.
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4778(S): A session was reconnected to a Window Station.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4778.png" alt="Event 4778 illustration" width="449" height="491" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4779(S): A session was disconnected from a Window Station.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4779.png" alt="Event 4779 illustration" width="449" height="504" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4780(S): The ACL was set on accounts which are members of administrators groups.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Every hour, the domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative or security-sensitive groups and which have AdminCount attribute = 1 against the ACL on the [AdminSDHolder](/previous-versions/technet-magazine/ee361593(v=msdn.10)) object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated.
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4781(S): The name of an account was changed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4781.png" alt="Event 4781 illustration" width="449" height="474" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4782(S): The password hash of an account was accessed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4782.png" alt="Event 4782 illustration" width="449" height="407" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4793(S): The Password Policy Checking API was called.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4793.png" alt="Event 4793 illustration" width="449" height="419" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4794.png" alt="Event 4794 illustration" width="449" height="418" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4798(S): A user's local group membership was enumerated.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4798.png" alt="Event 4798 illustration" width="438" height="402" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4799(S): A security-enabled local group membership was enumerated.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4799.png" alt="Event 4799 illustration" width="438" height="402" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4800(S): The workstation was locked.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4800.png" alt="Event 4800 illustration" width="449" height="364" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4801(S): The workstation was unlocked.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4801.png" alt="Event 4801 illustration" width="449" height="364" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4802(S): The screen saver was invoked.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4802.png" alt="Event 4802 illustration" width="449" height="363" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4803(S): The screen saver was dismissed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4803.png" alt="Event 4803 illustration" width="449" height="363" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4816(S): RPC detected an integrity violation while decrypting an incoming message.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This message generates if RPC detected an integrity violation while decrypting an incoming message.
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4817(S): Auditing settings on object were changed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4817.png" alt="Event 4817 illustration" width="616" height="480" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4818.png" alt="Event 4818 illustration" width="727" height="725" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4819(S): Central Access Policies on the machine have been changed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4819.png" alt="Event 4819 illustration" width="449" height="540" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4826(S): Boot Configuration Data loaded.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4826.png" alt="Event 4826 illustration" width="438" height="494" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4864(S): A namespace collision was detected.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This event is generated when a namespace collision was detected.
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4865(S): A trusted forest information entry was added.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4865.png" alt="Event 4865 illustration" width="449" height="502" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4866(S): A trusted forest information entry was removed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4866.png" alt="Event 4866 illustration" width="449" height="502" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4867(S): A trusted forest information entry was modified.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4867.png" alt="Event 4867 illustration" width="449" height="502" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4902(S): The Per-user audit policy table was created.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4902.png" alt="Event 4902 illustration" width="449" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4904(S): An attempt was made to register a security event source.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4904.png" alt="Event 4904 illustration" width="449" height="462" hspace="10" align="left" />