Windows Security Log Event ID 4964
4964: Special groups have been assigned to a new logon
On this page
For this event to be produced, auditing for SpecialGroups must first be set up. See Event 4908 for setup.
A new feature for Vista and Win2008, Special Groups auditing lets the administrator find out when a member of a certain group logs on to the computer. When an administrator sets a list of group security identifiers (SIDs) in the registry anyone in a Special Group will produce this event when logging on.
Free Security Log Resources by Randy
Subject:
- Security ID: %1
- Account Name: %2
- Account Domain: %3
- Logon ID: %4
- Logon GUID: %5
New Logon:
- Security ID: %6
- Account Name: %7
- Account Domain: %8
- Logon ID: %9
- Logon GUID: %10
- Special Groups Assigned: %11
Supercharger Enterprise
Load Balancing for Windows Event Collection
Special groups have been assigned to a new logon.
Subject:
Security ID: SYSTEM
Account Name: DC08$
Account Domain: ACME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
New Logon:
Security ID: ACME\wsmith
Account Name: wsmith
Account Domain: ACME
Logon ID: 0x110b51
Logon GUID: {3432a23c-bb03-007e-e951-eeacdf5b5606}
Special Groups Assigned: ACME\WatchGroup
Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection