Home
Resources
Training
About Us
eStore

>

resources > security log resource center > encyclopedia > event 612

 

 

 

 

 

 

 

Latest Blog: Log monitoring and the Terry Childs/City of San Francisco debacle

  

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

612

Title

Audit Policy Change
Type: Example: Randy's Comments:
Success

OS:

All versions

Category:

Policy Change

New Policy:
SuccessFailure
+ +Logon/Logoff
+ +Object Access
+ +Privilege Use
- -Account Management
+ +Policy Change
+ +System
- -Detailed Tracking
+ +Directory Service Access
+ +Account Logon

Changed By:
User Name:W2DC$
Domain Name:ELMW2
Logon ID:(0x0,0x3E7)

This indicates the system's audit policy was modified. Pluses indicate auditing was enabled, minuses indicate it was disabled. Unfortunately the Change By fields don't identify who actually changed the policy because audit policy isn't directly configured by administrators. Instead it is edited in a group policy object which then gets applied to the computer. Therefore this event always shows the local computer as the one who changed the policy since the computer is the security principal under which gpupdate runs.

Next:

Get all the tools you need in one newsletter!
Free log parser scripts, clear explanations of Microsoft's latest security bulletins, and more. View a sample issue.
Email Address:
Your email address will not be shared. You may unsubscribe at any time.


Upcoming Webinars by Randy Franklin Smith

IT Audit: Understanding Active Directory Structure and How It Makes Auditing AD Different

Security Log Secrets: Auditing Unauthorized, Unrecognized Software

Filling the Gap in Windows Configuration Baselining


Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map