Windows Security Log Event ID 4788

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory		Account Management
 • Application Group Management
Type Success
Corresponding events
in Windows 2003
and before		 692  

4788: A non-member was removed from a basic application group..

On this page

Apparently this event is supposed to be logged when you remove an exclusion from a basic application group but instead Windows logs 4786 with no indication that the member is an excluded member.

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Free Security Log Resources by Randy

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 4788

A non-member was removed from a basic application group.

Subject:

   Security ID:  %6
   Account Name:  %7
   Account Domain:  %8
   Logon ID:  %9

Member:

   Security ID:  %2
   Account Name:  %1

Group:

   Security ID:  %5
   Account Name:  %3
   Account Domain:  %4

Additional Information:

   Privileges:  %10

A non-member is an account that is explicitly excluded from membership in a basic application group.  Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member.

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!