Windows Security Log Event ID 638

638: Security Enabled Local Group Deleted

On this page

• Description of this event
• Field level details
• Examples
• Discuss this event

Security local group deletedType:

AD has 2 types of groups: Security and Distribution. Distribution (security disabled) groups are for distribution lists in Exchange and cannot be assigned permissions or rights. Security (security enabled) groups can be used for permissions, rights and as distribution lists.

Scope:

AD has 3 scopes of groups: Local, Global, Universal. See knowledge base article 326265.

Free Security Log Quick Reference Chart

Description Fields in 638  Target Account Name: %1  Target Domain: %2  Target Account ID: %3  Caller User Name: %4  Caller Domain: %5  Caller Logon ID: %6  Privileges: %7 Top 10 Events to Monitor Examples of 638 Security Enabled Local Group Deleted: Target Account Name:AccountingStaff Target Domain:ELMW2 Target Account ID:AccountingStaff DEL:ffe84f0d-260a-4be2-a85b-f26a29e2a8d1 Caller User Name:Administrator Caller Domain:ELMW2 Caller Logon ID:(0x0,0x12D622) Privileges:- Keep me up-to-date on the Windows Security Log. Email*: *We will NOT share this

Training for the Windows Security Log Security Log Secrets In-Depth Training On-Site or On-Demand Security Log Resource Kit

Mini-Seminars Covering Event ID 638 Monitoring Active Directory for Security and Compliance: How Far Does the Native Audit Log Take You?

Discussions on Event ID 638 Ask a question about this event