mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
massive prod & technology metadata update
This commit is contained in:
Daniel Simpson
parent
8c804c84ca
commit
c93d7f2b6c
@ -4,7 +4,7 @@ description: This reference for IT professionals provides information about the
|
||||
ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
|
||||
ms.reviewer: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Advanced security audit policy settings
|
||||
|
||||
@ -4,7 +4,7 @@ description: This topic for the IT professional lists questions and answers abou
|
||||
ms.assetid: 80f8f187-0916-43c2-a7e8-ea712b115a06
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Advanced security auditing FAQ
|
||||
|
||||
@ -4,7 +4,7 @@ description: Advanced security audit policy settings may appear to overlap with
|
||||
ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Advanced security audit policies
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Appendix A, Security monitoring recommendations for many audit events (Windows 10)
|
||||
description: Learn about recommendations for the type of monitoring required for certain classes of security audit events.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Appendix A: Security monitoring recommendations for many audit events
|
||||
|
||||
@ -4,7 +4,7 @@ description: Apply audit policies to individual files and folders on your comput
|
||||
ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 07/25/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Apply a basic audit policy on a file or folder
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 07/16/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Account Lockout
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Application Generated
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Application Group Management
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Audit Policy Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Authentication Policy Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Authorization Policy Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Central Access Policy Staging
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Certification Services
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Computer Account Management
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Credential Validation
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Detailed Directory Service Replication
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Detailed File Share
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Directory Service Access
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Directory Service Changes
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Directory Service Replication
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Distribution Group Management
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit DPAPI Activity
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit File Share
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit File System
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Filtering Platform Connection
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Filtering Platform Packet Drop
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Filtering Platform Policy Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Group Membership
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Handle Manipulation
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 10/02/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit IPsec Driver
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 10/02/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit IPsec Extended Mode
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 10/02/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit IPsec Main Mode
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 10/02/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit IPsec Quick Mode
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Kerberos Authentication Service
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Kerberos Service Ticket Operations
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Kernel Object
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 07/16/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Logoff
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Logon
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit MPSSVC Rule-Level Policy Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Network Policy Server
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Non-Sensitive Privilege Use
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Account Logon Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Account Management Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Logon/Logoff Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 05/29/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Object Access Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Policy Change Events
|
||||
|
||||
@ -2,16 +2,17 @@
|
||||
title: Audit Other Privilege Use Events (Windows 10)
|
||||
description: Learn about the audit other privilege use events, an auditing subcategory that should not have any events in it but enables generation of event 4985(S).
|
||||
ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
|
||||
ms.reviewer:
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other Privilege Use Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Other System Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit PNP Activity
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Process Creation
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Process Termination
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Registry
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Removable Storage
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit RPC Events
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit SAM
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 02/28/2019
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Security Group Management
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Security State Change
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Security System Extension
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Sensitive Privilege Use
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Special Logon
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit System Integrity
|
||||
|
||||
@ -5,7 +5,8 @@ manager: dansimp
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit Token Right Adjusted
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit User Account Management
|
||||
|
||||
@ -6,12 +6,13 @@ ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
author: dansimp
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit User/Device Claims
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
|
||||
ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit account logon events
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit each event of account management on a d
|
||||
ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit account management
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit the event of a user accessing an Active
|
||||
ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit directory service access
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
|
||||
ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit logon events
|
||||
|
||||
@ -4,7 +4,7 @@ description: The policy setting, Audit object access, determines whether to audi
|
||||
ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit object access
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit every incident of a change to user righ
|
||||
ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit policy change
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user exercising a us
|
||||
ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit privilege use
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit detailed tracking information for event
|
||||
ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit process tracking
|
||||
|
||||
@ -4,7 +4,7 @@ description: Determines whether to audit when a user restarts or shuts down the
|
||||
ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Audit system events
|
||||
|
||||
@ -4,7 +4,7 @@ description: Learn about basic security audit policies that specify the categori
|
||||
ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Basic security audit policies
|
||||
|
||||
@ -4,7 +4,7 @@ description: Basic security audit policy settings are found under Computer Confi
|
||||
ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Basic security audit policy settings
|
||||
|
||||
@ -4,7 +4,7 @@ description: By defining auditing settings for specific event categories, you ca
|
||||
ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
|
||||
ms.reviewer:
|
||||
ms.author: dansimp
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
@ -15,6 +15,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Create a basic audit policy for an event category
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 1100(S) The event logging service has shut down. (Windows 10)
|
||||
description: Describes security event 1100(S) The event logging service has shut down.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 1100(S): The event logging service has shut down.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 1102(S) The audit log was cleared. (Windows 10)
|
||||
description: Though you shouldn't normally see it, this event generates every time Windows Security audit log is cleared. This is for event 1102(S).
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 1102(S): The audit log was cleared.
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: 1104(S) The security log is now full. (Windows 10)
|
||||
description: This event generates every time Windows security log becomes full and the event log retention method is set to "Do not overwrite events."
|
||||
description: This event generates every time Windows security log becomes full and the event log retention method is set to Do not overwrite events.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 1104(S): The security log is now full.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 1105(S) Event log automatic backup. (Windows 10)
|
||||
description: This event generates every time Windows security log becomes full and new event log file was created.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 1105(S): Event log automatic backup
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: The event logging service encountered an error (Windows 10)
|
||||
description: Describes security event 1108(S) The event logging service encountered an error while processing an incoming event published from %1.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4608(S) Windows is starting up. (Windows 10)
|
||||
description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4608(S): Windows is starting up.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4610(S) An authentication package has been loaded by the Local Security Authority. (Windows 10)
|
||||
description: Describes security event 4610(S) An authentication package has been loaded by the Local Security Authority.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4610(S): An authentication package has been loaded by the Local Security Authority.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4611(S) A trusted logon process has been registered with the Local Security Authority. (Windows 10)
|
||||
description: Describes security event 4611(S) A trusted logon process has been registered with the Local Security Authority.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. (Windows 10)
|
||||
description: Describes security event 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4614(S) A notification package has been loaded by the Security Account Manager. (Windows 10)
|
||||
description: Describes security event 4614(S) A notification package has been loaded by the Security Account Manager.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4614(S): A notification package has been loaded by the Security Account Manager.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4615(S) Invalid use of LPC port. (Windows 10)
|
||||
description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4615(S): Invalid use of LPC port.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4616(S) The system time was changed. (Windows 10)
|
||||
description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4616(S): The system time was changed.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4618(S) A monitored security event pattern has occurred. (Windows 10)
|
||||
description: Describes security event 4618(S) A monitored security event pattern has occurred.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4618(S): A monitored security event pattern has occurred.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4621(S) Administrator recovered system from CrashOnAuditFail. (Windows 10)
|
||||
description: Describes security event 4621(S) Administrator recovered system from CrashOnAuditFail.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4621(S): Administrator recovered system from CrashOnAuditFail.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4622(S) A security package has been loaded by the Local Security Authority. (Windows 10)
|
||||
description: Describes security event 4622(S) A security package has been loaded by the Local Security Authority.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4622(S): A security package has been loaded by the Local Security Authority.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4624(S) An account was successfully logged on. (Windows 10)
|
||||
description: Describes security event 4624(S) An account was successfully logged on.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4624(S): An account was successfully logged on.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4625(F) An account failed to log on. (Windows 10)
|
||||
description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4625(F): An account failed to log on.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4626(S) User/Device claims information. (Windows 10)
|
||||
description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4626(S): User/Device claims information.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4627(S) Group membership information. (Windows 10)
|
||||
description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4627(S): Group membership information.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4634(S) An account was logged off. (Windows 10)
|
||||
description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 11/20/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4634(S): An account was logged off.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4647(S) User initiated logoff. (Windows 10)
|
||||
description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4647(S): User initiated logoff.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4648(S) A logon was attempted using explicit credentials. (Windows 10)
|
||||
description: Describes security event 4648(S) A logon was attempted using explicit credentials.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4648(S): A logon was attempted using explicit credentials.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4649(S) A replay attack was detected. (Windows 10)
|
||||
description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4649(S): A replay attack was detected.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: 4656(S, F) A handle to an object was requested. (Windows 10)
|
||||
description: Describes security event 4656(S, F) A handle to an object was requested.
|
||||
ms.pagetype: security
|
||||
ms.prod: w10
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: none
|
||||
@ -11,6 +11,7 @@ ms.date: 04/19/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.author: dansimp
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# 4656(S, F): A handle to an object was requested.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user