
Wednesday, August 8, 2012

Event IDs on Account, System and Policy Management

Here are a few event log IDs that can help in identifying account, security and policy related issues:

  • 624 – User Account Created
  • 626 – User Account Enabled
  • 627 – Password Change Attempted
  • 628 – User Account Password Set
  • 629 – User Account Disabled
  • 630 – User Account Deleted
  • 631 – Security Enabled Global Group Created
  • 632 – Security Enabled Global Group Member Added
  • 633 – Security Enabled Global Group Member Removed
  • 634 – Security Enabled Global Group Deleted
  • 635 – Security Enabled Local Group Created
  • 636 – Security Enabled Local Group Member Added
  • 637 – Security Enabled Local Group Member Removed
  • 638 – Security Enabled Local Group Deleted
  • 639 – Security Enabled Local Group Changed
  • 641 – Security Enabled Global Group Changed
  • 642 – User Account Changed
  • 643 – Domain Policy Changed
  • 512 – Windows is starting up
  • 513 – Windows is shutting down (you will probably not see this event before the system is restarted)
  • 516 – Internal resources allocated for queuing of security event messages have been exhausted, leading to the loss of security event messages
  • 517 – The security log was cleared
  • Policy Change
      • 608 – A user right was assigned
      • 609 – A user right was removed
      • 610 – A trust relationship with another domain was created
      • 611 – A trust relationship with another domain was removed
      • 612 – An audit policy was changed
      • 768 – A collision was detected between a namespace element in one forest and a namespace element in another forest

1 comment:

  1. The Page is very useful in analysing critical user login issues.
