deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
82ad395cda6cd6e17b2ebff1dd2ab24d3630ac2c
windows-itpro-docs/windows/keep-secure/audit-removable-storage.md
Jan Backstrom f046a5fec0 tagging update 
change W10 to w10 (lower case), add security pagetype to various
2016-05-26 17:07:01 -07:00

3.4 KiB
Raw Blame History

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype author
Audit Removable Storage (Windows 10) This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive. 1746F7B3-8B41-4661-87D8-12F734AFFB26 w10 deploy library security brianlic-msft

Audit Removable Storage

Applies to

  • Windows 10

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.

Event volume: Low

Default: Not configured

Event ID Event message

4663

An attempt was made to access an object.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %11

Process Name: %12

Access Request Information:

Accesses: %9

Access Mask: %10

4659

A handle to an object was requested with intent to delete.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %13

Access Request Information:

Transaction ID: %9

Accesses: %10

Access Mask: %11

Privileges Used for Access Check: %12

4818

Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %9

Process Name: %10

Current Central Access Policy results:

Access Reasons: %11

Proposed Central Access Policy results that differ from the current Central Access Policy results:

Access Reasons: %12

4656

A handle to an object was requested.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Resource Attributes: %17

Process Information:

Process ID: %15

Process Name: %16

Access Request Information:

Transaction ID: %9

Accesses: %10

Access Reasons: %11

Access Mask: %12

Privileges Used for Access Check: %13

Restricted SID Count: %14
  ## Related topics