Merge pull request #11297 from ep3p/patch-1

Correct mistake in event-4670.md
2025-05-21 17:57:22 +00:00 · 2023-01-25 10:43:28 -05:00 · 2023-01-25 10:43:28 -05:00 · ef98a983aa
commit ef98a983aa
parent bc6ce1f2fb 1832c14031
1 changed files with 5 additions and 5 deletions
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@ -235,14 +235,14 @@ Example: D:(A;;FA;;;WD)
 | "GR"                       | GENERIC READ                    | "SD"                 | Delete                   |
 | "GW"                       | GENERIC WRITE                   | "WD"                 | Modify Permissions       |
 | "GX"                       | GENERIC EXECUTE                 | "WO"                 | Modify Owner             |
-| File access rights         | "RP"                            | Read All Properties  |
+| File access rights         |                                 | "RP"                 | Read All Properties      |
 | "FA"                       | FILE ALL ACCESS                 | "WP"                 | Write All Properties     |
 | "FR"                       | FILE GENERIC READ               | "CC"                 | Create All Child Objects |
 | "FW"                       | FILE GENERIC WRITE              | "DC"                 | Delete All Child Objects |
 | "FX"                       | FILE GENERIC EXECUTE            | "LC"                 | List Contents            |
-| Registry key access rights | "SW"                            | All Validated Writes |
-| "KA"                       | "LO"                            | "LO"                 | List Object              |
-| "K"                        | KEY READ                        | "DT"                 | Delete Subtree           |
+| Registry key access rights |                                 | "SW"                 | Self Write               |
+| "KA"                       | KEY ALL ACCESS                  | "LO"                 | List Object              |
+| "KR"                       | KEY READ                        | "DT"                 | Delete Subtree           |
 | "KW"                       | KEY WRITE                       | "CR"                 | All Extended Rights      |
 | "KX"                       | KEY EXECUTE                     |                      |                          |

@ -272,4 +272,4 @@ For file system and registry objects, the following recommendations apply.

 - If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.**

- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<b>.</b> For example, you could monitor the **ntds.dit** file on domain controllers.
+- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<b>.</b> For example, you could monitor the **ntds.dit** file on domain controllers.