diff --git a/windows/keep-secure/event-4663.md b/windows/keep-secure/event-4663.md
index 73acf9d590..b61d2cb59a 100644
--- a/windows/keep-secure/event-4663.md
+++ b/windows/keep-secure/event-4663.md
@@ -160,7 +160,7 @@ The main difference with “[4656](event-4656.md): A handle to an object was req
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**).
**AddSubdirectory -** For a directory, the right to create a subdirectory.
**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
| ReadEA
(For registry objects, this is “Enumerate sub-keys.”) | 0x8 | The right to read extended file attributes. |
| WriteEA | 0x10 | The right to write extended file attributes. |
-| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
+| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
| ReadAttributes | 0x80 | The right to read file attributes. |
| WriteAttributes | 0x100 | The right to write file attributes. |
diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md
index d78f4c5496..92a9152b46 100644
--- a/windows/keep-secure/event-4706.md
+++ b/windows/keep-secure/event-4706.md
@@ -135,7 +135,7 @@ This event is generated only on domain controllers.
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016 Technical Preview
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
-- **SID Filtering** \[Type = UnicodeString\]**:** [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
+- **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
- Enabled
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index 9e6554ec48..bef6704947 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -135,7 +135,7 @@ This event is generated only on domain controllers.
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016 Technical Preview
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
-- **SID Filtering** \[Type = UnicodeString\]**:** [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
+- **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
- Enabled
diff --git a/windows/keep-secure/event-4818.md b/windows/keep-secure/event-4818.md
index e274c09dd1..d656ffb3a9 100644
--- a/windows/keep-secure/event-4818.md
+++ b/windows/keep-secure/event-4818.md
@@ -143,7 +143,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**).
**AddSubdirectory -** For a directory, the right to create a subdirectory.
**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
| ReadEA | 0x8 | The right to read extended file attributes. |
| WriteEA | 0x10 | The right to write extended file attributes. |
-| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
+| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
| ReadAttributes | 0x80 | The right to read file attributes. |
| WriteAttributes | 0x100 | The right to write file attributes. |
@@ -189,7 +189,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**).
**AddSubdirectory -** For a directory, the right to create a subdirectory.
**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
| ReadEA | 0x8 | The right to read extended file attributes. |
| WriteEA | 0x10 | The right to write extended file attributes. |
-| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
+| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
| ReadAttributes | 0x80 | The right to read file attributes. |
| WriteAttributes | 0x100 | The right to write file attributes. |
diff --git a/windows/keep-secure/event-5145.md b/windows/keep-secure/event-5145.md
index 5d0b69b45d..b03081c706 100644
--- a/windows/keep-secure/event-5145.md
+++ b/windows/keep-secure/event-5145.md
@@ -144,7 +144,7 @@ This event generates every time network share object (file or folder) was access
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**).
**AddSubdirectory -** For a directory, the right to create a subdirectory.
**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
| ReadEA | 0x8 | The right to read extended file attributes. |
| WriteEA | 0x10 | The right to write extended file attributes. |
-| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
+| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
| ReadAttributes | 0x80 | The right to read file attributes. |
| WriteAttributes | 0x100 | The right to write file attributes. |