About AcitveDirectory EventLog
参考微软文档整理的常用EVENTID:
|
Event ID |
Event message |
分類 |
類別 |
|
4670 |
Permissions on an object were changed. |
Audit Other Policy Change Events |
Policy Change |
|
4704 |
A user right was assigned. |
Audit Authorization Policy Change |
Policy Change |
|
4705 |
A user right was removed. |
Audit Authorization Policy Change |
Policy Change |
|
4706 |
A new trust was created to a domain. |
Audit Authorization Policy Change |
Policy Change |
|
4707 |
A trust to a domain was removed. |
Audit Authorization Policy Change |
Policy Change |
|
4709 |
IPsec Services was started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
4710 |
IPsec Services was disabled. |
Audit Filtering Platform Policy Change |
Policy Change |
|
4711 |
May contain any one of the following:PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
4712 |
IPsec Services encountered a potentially serious failure. |
Audit Filtering Platform Policy Change |
Policy Change |
|
4713 |
Kerberos policy was changed. |
Audit Authentication Policy Change |
Policy Change |
|
4714 |
Encrypted data recovery policy was changed. |
Audit Authorization Policy Change |
Policy Change |
|
4715 |
The audit policy (SACL) on an object was changed. |
Audit Audit Policy Change |
Policy Change |
|
4716 |
Trusted domain information was modified. |
Audit Authentication Policy Change |
Policy Change |
|
4717 |
System security access was granted to an account. |
Audit Authentication Policy Change |
Policy Change |
|
4718 |
System security access was removed from an account. |
Audit Authentication Policy Change |
Policy Change |
|
4719 |
System audit policy was changed. |
Audit Audit Policy Change |
Policy Change |
|
4720 |
A user account was created. |
Audit User |
Account Management |
|
4722 |
A user account was enabled. |
Audit User |
Account Management |
|
4723 |
An attempt was made to change an account's password. |
Audit User |
Account Management |
|
4724 |
An attempt was made to reset an account's password. |
Audit User |
Account Management |
|
4725 |
A user account was disabled. |
Audit User |
Account Management |
|
4726 |
A user account was deleted. |
Audit User |
Account Management |
|
4727 |
A security-enabled global group was created. |
Audit Security Group |
Account Management |
|
4728 |
A member was added to a security-enabled global group. |
Audit Security Group |
Account Management |
|
4729 |
A member was removed from a security-enabled global group. |
Audit Security Group |
Account Management |
|
4730 |
A security-enabled global group was deleted. |
Audit Security Group |
Account Management |
|
4731 |
A security-enabled local group was created. |
Audit Security Group |
Account Management |
|
4732 |
A member was added to a security-enabled local group. |
Audit Security Group |
Account Management |
|
4733 |
A member was removed from a security-enabled local group. |
Audit Security Group |
Account Management |
|
4734 |
A security-enabled local group was deleted. |
Audit Security Group |
Account Management |
|
4735 |
A security-enabled local group was changed. |
Audit Security Group |
Account Management |
|
4737 |
A security-enabled global group was changed. |
Audit Security Group |
Account Management |
|
4738 |
A user account was changed. |
Audit User |
Account Management |
|
4739 |
Domain Policy was changed. |
Audit Authentication Policy Change |
Policy Change |
|
4740 |
A user account was locked out. |
Audit User |
Account Management |
|
4741 |
A computer account was created. |
Audit Computer |
Account Management |
|
4742 |
A computer account was changed. |
Audit Computer |
Account Management |
|
4743 |
A computer account was deleted. |
Audit Computer |
Account Management |
|
4744 |
A security-disabled local group was created. |
Audit Distribution Group |
Account Management |
|
4745 |
A security-disabled local group was changed. |
Audit Distribution Group |
Account Management |
|
4746 |
A member was added to a security-disabled local group. |
Audit Distribution Group |
Account Management |
|
4747 |
A member was removed from a security-disabled local group. |
Audit Distribution Group |
Account Management |
|
4748 |
A security-disabled local group was deleted. |
Audit Distribution Group |
Account Management |
|
4749 |
A security-disabled global group was created. |
Audit Distribution Group |
Account Management |
|
4750 |
A security-disabled global group was changed. |
Audit Distribution Group |
Account Management |
|
4751 |
A member was added to a security-disabled global group. |
Audit Distribution Group |
Account Management |
|
4752 |
A member was removed from a security-disabled global group. |
Audit Distribution Group |
Account Management |
|
4753 |
A security-disabled global group was deleted. |
Audit Distribution Group |
Account Management |
|
4754 |
A security-enabled universal group was created. |
Audit Security Group |
Account Management |
|
4755 |
A security-enabled universal group was changed. |
Audit Security Group |
Account Management |
|
4756 |
A member was added to a security-enabled universal group. |
Audit Security Group |
Account Management |
|
4757 |
A member was removed from a security-enabled universal group. |
Audit Security Group |
Account Management |
|
4758 |
A security-enabled universal group was deleted. |
Audit Security Group |
Account Management |
|
4759 |
A security-disabled universal group was created. |
Audit Distribution Group |
Account Management |
|
4760 |
A security-disabled universal group was changed. |
Audit Distribution Group |
Account Management |
|
4761 |
A member was added to a security-disabled universal group. |
Audit Distribution Group |
Account Management |
|
4762 |
A member was removed from a security-disabled universal group. |
Audit Distribution Group |
Account Management |
|
4764 |
A group's type was changed. |
Audit Security Group |
Account Management |
|
4765 |
SID History was added to an account. |
Audit User |
Account Management |
|
4766 |
An attempt to add SID History to an account failed. |
Audit User |
Account Management |
|
4767 |
A user account was unlocked. |
Audit User |
Account Management |
|
4780 |
The ACL was set on accounts which are members of administrators groups. |
Audit User |
Account Management |
|
4781 |
The name of an account was changed: |
Audit User |
Account Management |
|
4782 |
The password hash for an account was accessed. |
Audit Other Account |
Account Management |
|
4783 |
A basic application group was created. |
Audit Application Group |
Account Management |
|
4784 |
A basic application group was changed. |
Audit Application Group |
Account Management |
|
4785 |
A member was added to a basic application group. |
Audit Application Group |
Account Management |
|
4786 |
A member was removed from a basic application group. |
Audit Application Group |
Account Management |
|
4787 |
A non-member was added to a basic application group. |
Audit Application Group |
Account Management |
|
4788 |
A non-member was removed from a basic application group. |
Audit Application Group |
Account Management |
|
4789 |
A basic application group was deleted. |
Audit Application Group |
Account Management |
|
4790 |
An LDAP query group was created. |
Audit Application Group |
Account Management |
|
4793 |
The Password Policy Checking API was called. |
Audit Other Account |
Account Management |
|
4794 |
An attempt was made to set the Directory Services Restore Mode. |
Audit User |
Account Management |
|
4817 |
Auditing settings on an object were changed. |
Audit Audit Policy Change |
Policy Change |
|
4864 |
A namespace collision was detected. |
Audit Authentication Policy Change |
Policy Change |
|
4865 |
A trusted forest information entry was added. |
Audit Authentication Policy Change |
Policy Change |
|
4866 |
A trusted forest information entry was removed. |
Audit Authentication Policy Change |
Policy Change |
|
4867 |
A trusted forest information entry was modified. |
Audit Authentication Policy Change |
Policy Change |
|
4902 |
The Per-user audit policy table was created. |
Audit Audit Policy Change |
Policy Change |
|
4904 |
An attempt was made to register a security event source. |
Audit Audit Policy Change |
Policy Change |
|
4905 |
An attempt was made to unregister a security event source. |
Audit Audit Policy Change |
Policy Change |
|
4906 |
The CrashOnAuditFail value has changed. |
Audit Audit Policy Change |
Policy Change |
|
4907 |
Auditing settings on object were changed. |
Audit Audit Policy Change |
Policy Change |
|
4908 |
Special Groups Logon table modified. |
Audit Audit Policy Change |
Policy Change |
|
4909 |
The local policy settings for the TBS were changed. |
Audit Other Policy Change Events |
Policy Change |
|
4910 |
The group policy settings for the TBS were changed. |
Audit Other Policy Change Events |
Policy Change |
|
4912 |
Per User Audit Policy was changed. |
Audit Audit Policy Change |
Policy Change |
|
4944 |
The following policy was active when the Windows Firewall started. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4945 |
A rule was listed when the Windows Firewall started. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4946 |
A change has been made to Windows Firewall exception list. A rule was added. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4947 |
A change has been made to Windows Firewall exception list. A rule was modified. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4948 |
A change has been made to Windows Firewall exception list. A rule was deleted. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4949 |
Windows Firewall settings were restored to the default values. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4950 |
A Windows Firewall setting has changed. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4951 |
A rule has been ignored because its major version number was not recognized by Windows Firewall. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4952 |
Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4953 |
A rule has been ignored by Windows Firewall because it could not parse the rule. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4954 |
Windows Firewall Group Policy settings have changed. The new settings have been applied. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4956 |
Windows Firewall has changed the active profile. |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4957 |
Windows Firewall did not apply the following rule: |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
4958 |
Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer: |
Audit MPSSVC Rule-Level Policy Change |
Policy Change |
|
5040 |
A change has been made to IPsec settings. An Authentication Set was added. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5041 |
A change has been made to IPsec settings. An Authentication Set was modified. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5042 |
A change has been made to IPsec settings. An Authentication Set was deleted. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5043 |
A change has been made to IPsec settings. A Connection Security Rule was added. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5044 |
A change has been made to IPsec settings. A Connection Security Rule was modified. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5045 |
A change has been made to IPsec settings. A Connection Security Rule was deleted. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5046 |
A change has been made to IPsec settings. A Crypto Set was added. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5047 |
A change has been made to IPsec settings. A Crypto Set was modified. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5048 |
A change has been made to IPsec settings. A Crypto Set was deleted. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5063 |
A cryptographic provider operation was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5064 |
A cryptographic context operation was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5065 |
A cryptographic context modification was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5066 |
A cryptographic function operation was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5067 |
A cryptographic function modification was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5068 |
A cryptographic function provider operation was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5069 |
A cryptographic function property operation was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5070 |
A cryptographic function property modification was attempted. |
Audit Other Policy Change Events |
Policy Change |
|
5376 |
Credential Manager credentials were backed up. |
Audit User |
Account Management |
|
5377 |
Credential Manager credentials were restored from a backup. |
Audit User |
Account Management |
|
5440 |
The following callout was present when the Windows Filtering Platform Base Filtering Engine started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5441 |
The following filter was present when the Windows Filtering Platform Base Filtering Engine started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5442 |
The following provider was present when the Windows Filtering Platform Base Filtering Engine started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5443 |
The following provider context was present when the Windows Filtering Platform Base Filtering Engine started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5444 |
The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5446 |
A Windows Filtering Platform callout has been changed. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5447 |
A Windows Filtering Platform filter has been changed. |
Audit Other Policy Change Events |
Policy Change |
|
5448 |
A Windows Filtering Platform provider has been changed. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5449 |
A Windows Filtering Platform provider context has been changed. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5450 |
A Windows Filtering Platform sub-layer has been changed. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5456 |
PAStore Engine applied Active Directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5457 |
PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5458 |
PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5459 |
PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5460 |
PAStore Engine applied local registry storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5461 |
PAStore Engine failed to apply local registry storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5462 |
PAStore Engine failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5463 |
PAStore Engine polled for changes to the active IPsec policy and detected no changes. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5464 |
PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5465 |
PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5466 |
PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5467 |
PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5468 |
PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5471 |
PAStore Engine loaded local storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5472 |
PAStore Engine failed to load local storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5473 |
PAStore Engine loaded directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5474 |
PAStore Engine failed to load directory storage IPsec policy on the computer. |
Audit Filtering Platform Policy Change |
Policy Change |
|
5477 |
PAStore Engine failed to add quick mode filter. |
Audit Filtering Platform Policy Change |
Policy Change |
|
6144 |
Security policy in the group policy objects has been applied successfully. |
Audit Other Policy Change Events |
Policy Change |
|
6145 |
One or more errors occurred while processing security policy in the group policy objects. |
Audit Other Policy Change Events |
Policy Change |
About AcitveDirectory EventLog的更多相关文章
- .NET Core的日志[4]:将日志写入EventLog
面向Windows的编程人员应该不会对Event Log感到陌生,以至于很多人提到日志,首先想到的就是EventLog.EventLog不仅仅记录了Windows系统自身针对各种事件的日志,我们的应用 ...
- 服务器重启后SQL Server Agent由于"The EventLog service has not been started" 启动失败
案例环境: 操作系统 : Microsoft Windows Server 2003 Standard Edtion SP2 数据库版本 : SQL Server 2005 Standard Ed ...
- 添加无线服务wzcsvc服务,Eventlog服务
<添加eventlog服务.reg> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentCont ...
- 写window应用程序日志System.Diagnostics.EventLog.WriteEntry
System.Diagnostics.EventLog.WriteEntry( MySource , Writing to event log. ); 可以写window应用程序日志 查看的地方:右击 ...
- 使用EventLog类写Windows事件日志
在程序中经常需要将指定的信息(包括异常信息和正常处理信息)写到日志中.在C#3.0中可以使用EventLog类将各种信息直接写入Windows日志.EventLog类在System.Diagnosti ...
- EventLog组件
1.使用EventLog组件读写事件日志 SourceExists方法 确定事件源是否已在本地计算机上注册 DeleteEventSource方法 用于从事件日志中移除应用程序的事件源注册 pri ...
- EventLog实现事件日志操作
选中”我的电脑”,在其右键菜单中选择“管理”,在打开的对话框中包括了如下图所示的“日志”信息: 选中其中的某一条日志,可以看到如下的详细信息: 我们应该如何通过写代码的方式向其中添加“日志”呢? 在操 ...
- 将日志写入EventLog
将日志写入EventLog 面向Windows的编程人员应该不会对Event Log感到陌生,以至于很多人提到日志,首先想到的就是EventLog.EventLog不仅仅记录了Windows系统自身针 ...
- Eventlog控件的使用
CreateEventSource 已重载. 建立一个能够将事件信息写入到系统的特定日志中的应用程序. Delete 已重载. 移除日志资源. DeleteEventSource 已重载. 从事件日志 ...
随机推荐
- Kafka 快速起步
Kafka 快速起步 原创 2017-01-05 杜亦舒 性能与架构 性能与架构 性能与架构 微信号 yogoup 功能介绍 网站性能提升与架构设计 主要内容:1. kafka 安装.启动2. 消息的 ...
- AssionShop开源B2C电子商务系统-概述(转载)
今天是个特殊的日子,我在北京房租价格又上了一个新的台阶.在这个日子我准备开始建立一个开源项目,一个B2C行业的EC系统. 一.关于定位 我要做的不只是一个商城,应该说是一个能满足中小型企业建立电子商务 ...
- Microsoft Team Foundation Server 2010 安装 序列号 注册码(转载)
安装过程: 一.安装操作系统 安装Windows 2008 R2简体中文版 二.准备安装过程中的需要的用户账户,并设置相应权限. 具体流程如下: 1.点击“开始”——“管理工具”——“计算机管理” 2 ...
- signed distance field 算法
将二值图转化成signed distance field后,可以在双线性插值下实现平滑放大. 定义: 到前景的distance field:各点到最近前景点的距离. 到背景的distance fiel ...
- C++程序设计项目开发——银行自己主动提款机(二)
函数的有关知识在后面章节会讲到,先提前了解下.在没有系统的学习完之前,咱们先来模仿着写一个样例,尝试这样的有效的学习方法. 尝试下这种学习方法. 显示功能选项 1.查询 2.取款 3.存款 4.转 ...
- windows server 2003中端口默认不能使用问题
问题:在windows server 2003中IIS6.0新建站点,给了一个新端口(非80),然后配置好后不能访问 解决方案:系统内置防火墙需要添加对应端口,如下图: 即解决.
- Unix删除当前目录可执行文件
On GNU versions of find you can use -executable: find . -type f -executable -printFor BSD versions o ...
- 修正ECMALL在PHP5.3以上版本中无法开启支付方式的BUG
修正ECMALL在PHP5.3以上版本中无法开启支付方式的BUG 很多用户反映说PHP5.3.3下,ECMALL的商家无法安装支付方式,这个是比较严重的事情,不能安装支付方式那什么都不能干呢,那我就免 ...
- iOS直播-基于RTMP的视频推送
iOS直播-基于RTMP的视频推送 所谓的视频推送就是把摄像头和麦克风捕获到视频和音频推送到直播服务器上.我们这里使用推送协议是RTMP协议. 扩展:腾讯直播平台,阿里直播平台,百度直播平台提供均为R ...
- mysql数据库表修改某一列的类型
下面列出:1.增加一个字段alter table user add COLUMN new1 VARCHAR(20) DEFAULT NULL; //增加一个字段,默认为空alter table use ...