deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-05 17:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/audit-removable-storage.md
Brian Lich 6d38dc68b7 refreshing conversion test build
2016-03-21 11:28:01 -07:00

3.2 KiB
Raw Blame History

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, author
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec author
Audit Removable Storage (Windows 10) This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines . 1746F7B3-8B41-4661-87D8-12F734AFFB26 W10 deploy library brianlic-msft

Audit Removable Storage

Applies to

  • Windows 10

This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines .

Event volume:

Default: Not configured

Event ID Event message

4663

An attempt was made to access an object.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %11

Process Name: %12

Access Request Information:

Accesses: %9

Access Mask: %10

4659

A handle to an object was requested with intent to delete.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %13

Access Request Information:

Transaction ID: %9

Accesses: %10

Access Mask: %11

Privileges Used for Access Check: %12

4818

Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Process Information:

Process ID: %9

Process Name: %10

Current Central Access Policy results:

Access Reasons: %11

Proposed Central Access Policy results that differ from the current Central Access Policy results:

Access Reasons: %12

4656

A handle to an object was requested.

Subject:

Security ID: %1

Account Name: %2

Account Domain: %3

Logon ID: %4

Object:

Object Server: %5

Object Type: %6

Object Name: %7

Handle ID: %8

Resource Attributes: %17

Process Information:

Process ID: %15

Process Name: %16

Access Request Information:

Transaction ID: %9

Accesses: %10

Access Reasons: %11

Access Mask: %12

Privileges Used for Access Check: %13

Restricted SID Count: %14

 

Related topics

Advanced security audit policy settings