Event Details
Operating System->Microsoft Windows->Application logs->Quest->Change Auditor->Change Auditor for Active Directory->ITAD Directory Changes->EventID 40 - Failed attempt to modify AD object security descriptor.
EventID 40 - Failed attempt to modify AD object security descriptor.
 Sample: 
Event Type:     Warning
Event Source:   ITAD Directory Changes
Event Category: None
Event ID:       40
Date:           10/30/2009
Time:           06:25:08
User:           RESEARCH\DKrane
Computer:       DC1
Description:    
Failed attempt to modify AD object security descriptor.
	Client Computer : 10.0.0.1
	Object DN : OU=Setup Operators,DC=research,DC=corp
	Object Class : organizationalUnit
	Object GUID : {9A60E55F-FB00-477C-B908-826D31AA9DDB}
	Action : ACE Removal
	Type : Permission Allow
	Trustee : NT AUTHORITY\Authenticated Users
	Trustee Type : Well Known Group
	Inherited : No
	Apply To : This object only
	Old Access Type : List Child Objects, Read All Properties, List Contents, Read Permissions
	New Access Type : <not set>
	Failure Type : Access denied
	Request ID : {E3D89B36-AE99-45D8-85E4-71D7463FEDD1}
===========================
Description template:
===========================
Failed attempt to modify AD object security descriptor.
   Client Computer : %14
   Object DN : %1
   Object Class : %2
   Object GUID : %3
   Action : %4
   Type : %5
   Trustee : %6
   Trustee Type : %7
   Inherited : %8
   Apply To : %9
   Old Access Type : %10
   New Access Type : %11
   Failure Type : %12
   Request ID : %13
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust for AD
Filtering Field Equals to Value
Source ITAD Directory Changes
EventId 40
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. InsertionString5 Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category AttestationReview
Whom The object name to which the activity was applied. InsertionString1
Client Computer InsertionString14 10.0.0.1
Request ID InsertionString13 {E3D89B36-AE99-45D8-85E4-71D7463FEDD1}
Object DN InsertionString1 OU=Setup Operators,DC=research,DC=corp
Object Class InsertionString2 organizationalUnit
Object GUID InsertionString3 {9A60E55F-FB00-477C-B908-826D31AA9DDB}
Action InsertionString4 ACE Removal
Trustee InsertionString6 NT AUTHORITY\Authenticated Users
Trustee Type InsertionString7 Well Known Group
Inherited InsertionString8 No
Applied to InsertionString9 This object only
Old Access Type InsertionString10 List Child Objects, Read %All Properties, List Contents, Read Permissions
New Access Type InsertionString11 <not set>
Failure Type InsertionString12 Access denied
Permission InsertionString5 Permission Allow
Comments
You must be logged in to comment