From 2598f45b76c0d0dd63f32ee0a4533d92fe82a3c4 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 27 May 2016 16:12:49 -0700 Subject: [PATCH 1/2] Update event-5145.md --- windows/keep-secure/event-5145.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/event-5145.md b/windows/keep-secure/event-5145.md index a393e248f8..cc96df0ac9 100644 --- a/windows/keep-secure/event-5145.md +++ b/windows/keep-secure/event-5145.md @@ -178,7 +178,9 @@ REQUSTED\_ACCESS: RESULT ACE\_WHICH\_ ALLOWED\_OR\_DENIED\_ACCESS. > *O*:BA*G*:SY*D*:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0×7;;;BA)*S*:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) > - *O*: = Owner. SID of specific security principal, or reserved (pre-defined) value, for example: BA (BUILTIN\_ADMINISTRATORS), WD (Everyone), SY (LOCAL\_SYSTEM), etc. -> See the list of possible values in the table below: +> See the list of possible values in the table below. + +## SDDL values for Access Control Entry | Value | Description | Value | Description | |-------|--------------------------------------|-------|---------------------------------| From fa8ea4e6c76e2c570e753be255b0a029c418568c Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 27 May 2016 16:58:33 -0700 Subject: [PATCH 2/2] Update event-4624.md --- windows/keep-secure/event-4624.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/event-4624.md b/windows/keep-secure/event-4624.md index 00d68bd872..04a9413978 100644 --- a/windows/keep-secure/event-4624.md +++ b/windows/keep-secure/event-4624.md 
@@ -135,7 +135,9 @@ This event generates when a logon session is created (on destination machine). I **Logon Information** \[Version 2\]**: ** -- **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field: +- **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field. + +## Logon types and descriptions | Logon Type | Logon Title | Description | |------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -193,13 +195,13 @@ This event generates when a logon session is created (on destination machine). I - **Linked Logon ID** \[Version 2\] \[Type = HexInt64\]**:** A hexadecimal value of the paired logon session. If there is no other logon session associated with this logon session, then the value is “**0x0**”. -- **Network Account Name** \[Version 2\] \[Type = UnicodeString\]**:** User name that will be used for outbound (network) connections. Valid only for [**NewCredentials**](#Windows_Logon_Types) logon type. +- **Network Account Name** \[Version 2\] \[Type = UnicodeString\]**:** User name that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type. - If not [**NewCredentials**](#Windows_Logon_Types) logon, then this will be a "-" string. + If not **NewCredentials** logon, then this will be a "-" string. -- **Network Account Domain** \[Version 2\] \[Type = UnicodeString\]**:** Domain for the user that will be used for outbound (network) connections. Valid only for [**NewCredentials**](#Windows_Logon_Types) logon type. +- **Network Account Domain** \[Version 2\] \[Type = UnicodeString\]**:** Domain for the user that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type. - If not [**NewCredentials**](#Windows_Logon_Types) logon, then this will be a "-" string. + If not **NewCredentials** logon, then this will be a "-" string. - **Logon GUID** \[Type = GUID\]: a GUID that can help you correlate this event with another event that can contain the same **Logon GUID**, “[4769](event-4769.md)(S, F): A Kerberos service ticket was requested event on a domain controller.
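Review bot: In the event-5145.md hunk (@@ -178), the new heading `## SDDL values for Access Control Entry` does not match the table it labels. The preceding `*O*: = Owner` bullet says the table lists the possible owner values, with BA, WD and SY as examples, so the table holds security-principal abbreviations rather than ACE values. Consider a title that names SID or security principal values instead. The heading also follows a `>`-quoted block, so check the rendered page to confirm the table still reads as part of the SDDL walkthrough and not as a new top-level section.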
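Review bot: In the first event-4624.md hunk (@@ -135), the level-2 heading `## Logon types and descriptions` lands directly after the **Logon Type** list item under **Logon Information**, which ends the field list there. Later field descriptions in the same file, such as **Linked Logon ID** and **Network Account Name**, then fall under a section named for logon types. A lower heading level, or keeping the table attached to the list item, would preserve the field-list structure. Since the next hunk links to `#logon-types-and-descriptions`, the sentence "The table below contains the list of possible values for this field" could link to that anchor too, rather than relying on position.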
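Review bot: In the second event-4624.md hunk (@@ -193), the replacement links drop the bold from the link text (`[NewCredentials](#logon-types-and-descriptions)`), while the unlinked mentions in the two "If not **NewCredentials** logon" lines keep it. The same term is now formatted two ways within one field description. Pick one form, for example `[**NewCredentials**](#logon-types-and-descriptions)`. The new target is also the slug derived from the heading text added in the previous hunk, so rewording that heading later would break both links without any visible error. An explicit anchor would decouple the links from the heading wording.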