Windows Security Log Events



(LOGbinder for SharePoint)
(LOGbinder for SQL Server)
(LOGbinder for Exchange)
(MS Sysinternals Sysmon)
Windows Audit Categories:

Subcategories:

Windows Versions:

Category: Policy Change

Windows 4670 Permissions on an object were changed
Windows 4703 A token right was adjusted
Windows 4704 A user right was assigned
Windows 4705 A user right was removed
Windows 4706 A new trust was created to a domain
Windows 4707 A trust to a domain was removed
Windows 4709 IPsec Services was started
Windows 4710 IPsec Services was disabled
Windows 4711 PAStore Engine (1%)
Windows 4712 IPsec Services encountered a potentially serious failure
Windows 4713 Kerberos policy was changed
Windows 4714 Encrypted data recovery policy was changed
Windows 4715 The audit policy (SACL) on an object was changed
Windows 4716 Trusted domain information was modified
Windows 4717 System security access was granted to an account
Windows 4718 System security access was removed from an account
Windows 4719 System audit policy was changed
Windows 4817 Auditing settings on object were changed.
Windows 4819 Central Access Policies on the machine have been changed
Windows 4826 Boot Configuration Data loaded
Windows 4865 A trusted forest information entry was added
Windows 4866 A trusted forest information entry was removed
Windows 4867 A trusted forest information entry was modified
Windows 4902 The Per-user audit policy table was created
Windows 4904 An attempt was made to register a security event source
Windows 4905 An attempt was made to unregister a security event source
Windows 4906 The CrashOnAuditFail value has changed
Windows 4907 Auditing settings on object were changed
Windows 4908 Special Groups Logon table modified
Windows 4911 Resource attributes of the object were changed
Windows 4912 Per User Audit Policy was changed
Windows 4913 Central Access Policy on the object was changed
Windows 4944 The following policy was active when the Windows Firewall started
Windows 4945 A rule was listed when the Windows Firewall started
Windows 4946 A change has been made to Windows Firewall exception list. A rule was added
Windows 4947 A change has been made to Windows Firewall exception list. A rule was modified
Windows 4948 A change has been made to Windows Firewall exception list. A rule was deleted
Windows 4949 Windows Firewall settings were restored to the default values
Windows 4950 A Windows Firewall setting has changed
Windows 4951 A rule has been ignored because its major version number was not recognized by Windows Firewall
Windows 4952 Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall
Windows 4954 Windows Firewall Group Policy settings has changed. The new settings have been applied
Windows 4956 Windows Firewall has changed the active profile
Windows 4957 Windows Firewall did not apply the following rule
Windows 4958 Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer
Windows 5063 A cryptographic provider operation was attempted
Windows 5064 A cryptographic context operation was attempted
Windows 5065 A cryptographic context modification was attempted
Windows 5066 A cryptographic function operation was attempted
Windows 5067 A cryptographic function modification was attempted
Windows 5068 A cryptographic function provider operation was attempted
Windows 5069 A cryptographic function property operation was attempted
Windows 5070 A cryptographic function property operation was attempted
Windows 5440 The following callout was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5441 The following filter was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5442 The following provider was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5443 The following provider context was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5444 The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started
Windows 5446 A Windows Filtering Platform callout has been changed
Windows 5447 A Windows Filtering Platform filter has been changed
Windows 5448 A Windows Filtering Platform provider has been changed
Windows 5449 A Windows Filtering Platform provider context has been changed
Windows 5450 A Windows Filtering Platform sub-layer has been changed
Windows 5456 PAStore Engine applied Active Directory storage IPsec policy on the computer
Windows 5457 PAStore Engine failed to apply Active Directory storage IPsec policy on the computer
Windows 5458 PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer
Windows 5459 PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer
Windows 5460 PAStore Engine applied local registry storage IPsec policy on the computer
Windows 5461 PAStore Engine failed to apply local registry storage IPsec policy on the computer
Windows 5462 PAStore Engine failed to apply some rules of the active IPsec policy on the computer
Windows 5463 PAStore Engine polled for changes to the active IPsec policy and detected no changes
Windows 5464 PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services
Windows 5465 PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
Windows 5466 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead
Windows 5467 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy
Windows 5468 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes
Windows 5471 PAStore Engine loaded local storage IPsec policy on the computer
Windows 5472 PAStore Engine failed to load local storage IPsec policy on the computer
Windows 5473 PAStore Engine loaded directory storage IPsec policy on the computer
Windows 5474 PAStore Engine failed to load directory storage IPsec policy on the computer
Windows 5477 PAStore Engine failed to add quick mode filter
Windows 6144 Security policy in the group policy objects has been applied successfully
Windows 6145 One or more errors occured while processing security policy in the group policy objects

 

Additional Resources