Windows Security Log Event ID 649
Operating Systems |
Windows Server 2000
Windows 2003 and XP
|
Category | Account Management |
Type
|
Success
|
Corresponding events
in Windows
2008 and Vista |
4745
|
649: Security Disabled Local Group Changed
On this page
Distribution local group changed. Type: AD has 2 types of groups: Security and Distribution. Distribution (security disabled) groups are for distribution lists in Exchange and cannot be assigned permissions or rights. Security (security enabled) groups can be used for permissions, rights and as distribution lists.
Scope: AD has 3 scopes of groups: Local, Global, Universal. See knowledge base article 326265.
This event does include group member additions and deletions for which there are other event IDs.
This event is only logged on Domain Controllers.
Free Security Log Resources by Randy
- Target Account Name: %1
- Target Domain: %2
- Target Account ID: %3
- Caller User Name: %4
- Caller Domain: %5
- Caller Logon ID: %6
- Privileges: %7
- Changed Attributes: (the following fields appear only on Server 2003)
- Sam Account Name: %8
- Sid History: %9
Supercharger Free Edition
Your entire Windows Event Collection environment on a single pane of glass.
Free.
Security [type] [scope] Group Changed:
Target Account Name:AccountingStaff
Target Domain:ELMW2
Target Account ID:AccountingStaff
Caller User Name:Administrator
Caller Domain:ELMW2
Caller Logon ID:(0x0,0x12D622)
Privileges:-
Windows Server 2003 adds these fields:
Changed Attributes:
Sam Account Name:-
Sid History:-
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection