Event Details
Operating System->Microsoft Windows->Application logs->Quest->Active Roles 7 or higher->EventID 1003 - User is connected to Administration Service.
EventID 1003 - User is connected to Administration Service.
 Sample: 
Log Name:      ARAdminService
Source:        ARAdminSvc
Date:          10/26/2016 2:45:42 PM
Event ID:      1003
Task Category: Connect/Disconnect
Level:         Information
Keywords:      Classic,Audit Success
User:          ITSS\active.roles
Computer:      IIZHU1.itss.wm.zhu.cn.qsft
Description:
User is connected to Active Roles Administration Service. 
User ID: ITSS\active.roles 
Logon ID:
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: ARAdminService
Filtering Field Equals to Value
Source ARAdminSvc
EventId 1003
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category AttestationReview
Whom -
Logon ID InsertionString2
Comments
You must be logged in to comment