mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 13:57:22 +00:00
Brian Lich
commit
d35840798e
@ -160,7 +160,7 @@ The main difference with “[4656](event-4656.md): A handle to an object was req
|
|||||||
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
||||||
| ReadEA<br>(For registry objects, this is “Enumerate sub-keys.”) | 0x8 | The right to read extended file attributes. |
|
| ReadEA<br>(For registry objects, this is “Enumerate sub-keys.”) | 0x8 | The right to read extended file attributes. |
|
||||||
| WriteEA | 0x10 | The right to write extended file attributes. |
|
| WriteEA | 0x10 | The right to write extended file attributes. |
|
||||||
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING**  [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE**  [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
||||||
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
||||||
| ReadAttributes | 0x80 | The right to read file attributes. |
|
| ReadAttributes | 0x80 | The right to read file attributes. |
|
||||||
| WriteAttributes | 0x100 | The right to write file attributes. |
|
| WriteAttributes | 0x100 | The right to write file attributes. |
|
||||||
|
|||||||
@ -135,7 +135,7 @@ This event is generated only on domain controllers.
|
|||||||
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
|
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
|
||||||
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016 Technical Preview<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
|
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016 Technical Preview<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
|
||||||
|
|
||||||
- **SID Filtering** \[Type = UnicodeString\]**:** [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
|
- **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
|
||||||
|
|
||||||
- Enabled
|
- Enabled
|
||||||
|
|
||||||
|
|||||||
@ -135,7 +135,7 @@ This event is generated only on domain controllers.
|
|||||||
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
|
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.<br>Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. |
|
||||||
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016 Technical Preview<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
|
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.<br>Evaluated only on Windows Server 2016 Technical Preview<br>Evaluated only if SID Filtering is used.<br>Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.<br>Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
|
||||||
|
|
||||||
- **SID Filtering** \[Type = UnicodeString\]**:** [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
|
- **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
|
||||||
|
|
||||||
- Enabled
|
- Enabled
|
||||||
|
|
||||||
|
|||||||
@ -143,7 +143,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy
|
|||||||
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
||||||
| ReadEA | 0x8 | The right to read extended file attributes. |
|
| ReadEA | 0x8 | The right to read extended file attributes. |
|
||||||
| WriteEA | 0x10 | The right to write extended file attributes. |
|
| WriteEA | 0x10 | The right to write extended file attributes. |
|
||||||
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING**  [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE**  [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
||||||
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
||||||
| ReadAttributes | 0x80 | The right to read file attributes. |
|
| ReadAttributes | 0x80 | The right to read file attributes. |
|
||||||
| WriteAttributes | 0x100 | The right to write file attributes. |
|
| WriteAttributes | 0x100 | The right to write file attributes. |
|
||||||
@ -189,7 +189,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy
|
|||||||
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
||||||
| ReadEA | 0x8 | The right to read extended file attributes. |
|
| ReadEA | 0x8 | The right to read extended file attributes. |
|
||||||
| WriteEA | 0x10 | The right to write extended file attributes. |
|
| WriteEA | 0x10 | The right to write extended file attributes. |
|
||||||
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING**  [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE**  [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
||||||
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
||||||
| ReadAttributes | 0x80 | The right to read file attributes. |
|
| ReadAttributes | 0x80 | The right to read file attributes. |
|
||||||
| WriteAttributes | 0x100 | The right to write file attributes. |
|
| WriteAttributes | 0x100 | The right to write file attributes. |
|
||||||
|
|||||||
@ -144,7 +144,7 @@ This event generates every time network share object (file or folder) was access
|
|||||||
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
| AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**). <br>**AddSubdirectory -** For a directory, the right to create a subdirectory.<br>**CreatePipeInstance -** For a named pipe, the right to create a pipe. |
|
||||||
| ReadEA | 0x8 | The right to read extended file attributes. |
|
| ReadEA | 0x8 | The right to read extended file attributes. |
|
||||||
| WriteEA | 0x10 | The right to write extended file attributes. |
|
| WriteEA | 0x10 | The right to write extended file attributes. |
|
||||||
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.<br>**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING**  [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE**  [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. |
|
||||||
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
| DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. |
|
||||||
| ReadAttributes | 0x80 | The right to read file attributes. |
|
| ReadAttributes | 0x80 | The right to read file attributes. |
|
||||||
| WriteAttributes | 0x100 | The right to write file attributes. |
|
| WriteAttributes | 0x100 | The right to write file attributes. |
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user