Windows Security Log Event ID 636

Operating Systems Windows Server 2000
Windows 2003 and XP
CategoryAccount Management
Type Success
Corresponding events
in Windows 2008
and Vista
4732  

636: Security Enabled Local Group Member Added

On this page

Member added to security local group. "Caller user" added "member name" to the "target" group. Member may be a user, computer or another group.

Type:

AD has 2 types of groups: Security and Distribution. Distribution (security disabled) groups are for distribution lists in Exchange and cannot be assigned permissions or rights. Security (security enabled) groups can be used for permissions, rights and as distribution lists.

Scope:

AD has 3 scopes of groups: Local, Global, Universal. See knowledge base article 326265.

Free Security Log Resources by Randy

Description Fields in 636

  • Member Name: %1
  • Member ID: %2
  • Target Account Name: %3
  • Target Domain: %4
  • Target Account ID: %5
  • Caller User Name: %6
  • Caller Domain: %7
  • Caller Logon ID: %8
  • Privileges: %9

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 636

Security Enabled Local Group Member Added:
Member Name:cn=alice,DC=elmw2,DC=local
Member ID:ELMW2\alicej
Target Account Name:AccountingStaff
Target Domain:ELMW2
Target Account ID:ELMW2\AccountingStaff
Caller User Name:Administrator
Caller Domain:ELMW2
Caller Logon ID:(0x0,0x1469C1)
Privileges:-

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Upcoming Webinars
    Additional Resources