|
|
|
512
|
All Versions
|
Windows NT is starting up
|
|
|
513
|
All Versions
Win2003
XP
|
Windows NT is shutting down
|
|
|
514
|
All Versions
Win2003
XP
|
An authentication package has been loaded by the Local Security Authority
|
|
|
515
|
All Versions
Win2003
XP
|
A trusted logon process has registered with the Local Security Authority
|
|
|
516
|
All Versions
|
Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits
|
|
|
517
|
All Versions
|
The audit log was cleared
|
|
|
518
|
All Versions
|
A notification package has been loaded by the Security Account Manager
|
|
|
519
|
Win2003
|
A process is using an invalid local procedure call (LPC) port
|
|
|
520
|
Win2003
|
The system time was changed
|
|
|
528
|
All Versions
Win2003
|
Successful Logon
|
|
|
529
|
All Versions
|
Logon Failure - Unknown user name or bad password
|
|
|
530
|
All Versions
|
Logon Failure - Account logon time restriction violation
|
|
|
531
|
All Versions
|
Logon Failure - Account currently disabled
|
|
|
532
|
All Versions
|
Logon Failure - The specified user account has expired
|
|
|
533
|
All Versions
|
Logon Failure - User not allowed to logon at this computer
|
|
|
534
|
All Versions
Win2000
|
Logon Failure - The user has not been granted the requested logon type at this machine
|
|
|
535
|
All Versions
|
Logon Failure - The specified account's password has expired
|
|
|
536
|
All Versions
|
Logon Failure - The NetLogon component is not active
|
|
|
537
|
All Versions
|
Logon failure - The logon attempt failed for other reasons.
|
|
|
538
|
All Versions
|
User Logoff
|
|
|
539
|
All Versions
|
Logon Failure - Account locked out
|
|
|
540
|
All Versions
Win2000
Win2003
XP
|
Successful Network Logon
|
|
|
552
|
Win2003
|
Logon attempt using explicit credentials
|
|
|
560
|
All Versions
|
Object Open
|
|
|
561
|
All Versions
|
Handle Allocated
|
|
|
562
|
All Versions
|
Handle Closed
|
|
|
563
|
All Versions
|
Object Open for Delete
|
|
|
564
|
All Versions
Win2000
|
Object Deleted
|
|
|
565
|
Win2000
Win2003
|
Object Open (Active Directory)
|
|
|
566
|
Win2003
|
Object Operation (W3 Active Directory)
|
|
|
567
|
Win2003
|
Object Access Attempt
|
|
|
576
|
All Versions
|
Special privileges assigned to new logon
|
|
|
577
|
All Versions
|
Privileged Service Called
|
|
|
578
|
All Versions
|
Privileged object operation
|
|
|
592
|
All Versions
|
A new process has been created
|
|
|
593
|
All Versions
|
A process has exited
|
|
|
594
|
All Versions
|
A handle to an object has been duplicated
|
|
|
595
|
All Versions
|
Indirect access to an object has been obtained
|
|
|
600
|
All Versions
|
A process was assigned a primary token
|
|
|
601
|
Win2003
|
Attempt to install service
|
|
|
602
|
Win2003
|
Scheduled Task created
|
|
|
608
|
All Versions
|
User Right Assigned
|
|
|
609
|
All Versions
|
User Right Removed
|
|
|
610
|
Win2000
Win2003
|
New Trusted Domain
|
|
|
611
|
Win2000
Win2003
|
Removing Trusted Domain
|
|
|
612
|
All Versions
|
Audit Policy Change
|
|
|
613
|
All Versions
|
IPSec policy agent started
|
|
|
614
|
All Versions
|
IPSec policy agent disabled
|
|
|
615
|
Win2000
Win2003
|
IPSEC PolicyAgent Service
|
|
|
616
|
Win2000
|
IPSec policy agent encountered a potentially serious failure.
|
|
|
617
|
Win2000
Win2003
|
Kerberos Policy Changed
|
|
|
618
|
Win2000
Win2003
|
Encrypted Data Recovery Policy Changed
|
|
|
619
|
All Versions
|
Quality of Service Policy Changed
|
|
|
620
|
Win2000
Win2003
|
Trusted Domain Information Modified
|
|
|
621
|
Win2003
|
System Security Access Granted
|
|
|
622
|
Win2003
|
System Security Access Removed
|
|
|
623
|
Win2003
|
Per User Audit Policy was refreshed
|
|
|
624
|
Win2000
Win2003
|
User Account Created
|
|
|
625
|
All Versions
Win2000
Win2003
|
User Account Enabled
|
|
|
|