Windows event log category id




















NPS quarantined a user. This event is generated every time NPS quarantines a user for multiple authentication failures.

NPS granted access to a user, but put the user on probation because the host did not meet the defined health policy. This event is generated every time NPS puts a user on probation after granting access because the host could not meet the defined health policy.

NPS granted access to a user because the host met the defined health policy. This event is generated every time NPS grants access to a user since the host has met the defined health policy.

NPS locked the user account due to repeat failed authentication attempts. This event is generated every time NPS locks a user account due to repeat failed authentication attempts.

NPS unlocked the user account. This event is generated every time NPS unlocks a user account after the account lockout.

A client disconnected from the resource. This event is generated every time a user on a client computer is disconnected from the network resource.

The user met the connection authorization policy and resource authorization policy requirements, but could not connect to the resource. This event is generated every time the user is unable to connect to the network resource even after meeting the connection and resource authorization policies.

AD FS token issued. This event is generated every time AD FS issues a trusted token for authenticating a user based on a set of claims.

Issued identity. This event is generated every time a unique identity is issued to identify configuration objects and partner network addresses. It is logged only on a federation server.

Caller identity. This event is generated every time a token issuance failure occurs for that caller identity.

Token issued. This event is generated every time a token is issued by AD FS for having the necessary claims to authorize user access to the application.

Application token success. This event is generated every time an application token is issued successfully by AD FS for an authentication request.

Application token failure. This event is generated every time an application token issuance by AD FS fails for an authentication request.

FSMO role not responding.

An attempt to transfer the operations master role failed. This event is generated every time an attempt to transfer the FSMO role by the user fails.

This directory partition has not been backed up since at least the following number of days. This event is generated every time a backup hasn't been created since the enabled backup latency threshold.

This event is generated every time a client initiates an LDAP bind without requesting the verification that the directory server is not configured to reject.

A Kerberos service ticket was requested.

Special privileges assigned to new logon. This event is generated every time sensitive privileges are assigned to a new logon session.

The special groups logon table was modified. This event is generated every time a security identifier (SID) is added to a special group for auditing purposes.

A user's local group membership was enumerated. This event is generated every time a process enumerates the list of security groups that a user belongs to. It is logged on member servers and workstations.

A member was removed from a security-enabled global group. This event is generated when a user, group, or computer is removed from a security-enabled global group.

A security-enabled global group was deleted. This event is generated when a security-enabled global group is deleted.

A security-enabled local group was created. This event is generated when a security-enabled local group is created. It is logged on domain controllers for domain local groups, or on member computers for local SAM groups.

A member was added to a security-enabled local group. This event is generated when users, groups, or computers are added to a security-enabled local group.

A member was removed from a security-enabled local group. This event is generated when users, groups, or computers are removed from a security-enabled local group.

A security-enabled local group was deleted. This event is generated when a security-enabled local group is deleted.

A security-enabled local group was changed. This event is generated when a security-enabled local group is modified.

A security-enabled global group was changed. This event is generated when a security-enabled global group is changed.

A user account was changed. This event is generated when the attributes of a user object are modified. It is logged on domain controllers for domain accounts, and on member computers for local accounts.

Domain Policy was changed. This event is generated when an Active Directory Domain Policy is changed. It is logged on domain controllers and member computers.

A security-disabled universal group was created. This event is generated when a universal distribution group is created.

A security-disabled universal group account was changed. This event is generated when a universal distribution group is changed.

A member was added to a security-disabled universal group. This event is generated when Active Directory objects, such as users, groups, or computers, are added to a universal distribution group.

A member was removed from a security-disabled universal group. This event is generated when Active Directory objects, such as users, groups, or computers, are removed from a universal distribution group.

A security-disabled universal group was deleted. This event is generated when a universal distribution group is deleted.

A group type was changed. This event is generated when a group type or scope is changed.

The name of an account was changed. This event is generated when the name of a user or computer account (sAMAccountName attribute) is changed. It is logged only on domain controllers for computer accounts, and on domain controllers and member computers for user accounts.

A directory service object was created. This event is generated when an Active Directory object is created, provided proper SACLs are configured for the parent object.

A directory service object was moved. This event is generated when an Active Directory object is moved from one OU to another.

A directory service object was deleted. This event is generated when an Active Directory object is deleted.

A handle to an object was requested with intent to delete. This event is generated when an installed patch requires the replacement of a file opened by Windows.

A new external device was recognized by the system. This event is generated when a new external device, such as a USB, is connected to the system. It is logged on servers and workstations.

Windows is starting up. This event is generated when a Windows machine is started.

Windows is shutting down. This event is generated when a Windows machine is shutting down.

The audit log was cleared. This event is generated whenever the security log is cleared.

A notification package has been loaded by the Security Account Manager. This event is generated when a user attempts to change their password.

The system time was changed. This event is generated when the system time is changed.

A user right was assigned. This event is generated when a user is assigned privileges.

A user right was removed. This event is generated when a user's privileges are removed.

System audit policy was changed. This event is generated when an audit policy is disabled, regardless of the "Audit Policy Change" sub-category setting.

An operation was performed on an object. This event is generated when a user accesses an Active Directory object.

A network share object was accessed. This event is generated when a network share object is accessed.

A network share object was added.

You are now designing event sources for each new category DLL you want to use. I doubt that descriptive names will be there like Source1, Source2, Source3 only to reuse 3 different category files which do contain messages you have no control over.

If you set category to '0', you will see the string 'none' in event viewer.


If you create a single message file, be sure that the categories are the first messages in the file. For more information on creating and using message files, see Message Files. The total number of categories is stored in the CategoryCount value for the event source.


