Event Type: Warning
Event Source: ITAD Directory Changes
Event Category: None
Event ID: 46
Date: 10/29/2009
Time: 07:09:07
User: RESEARCH\CBrown
Computer: DC1
Description:
ChangeAuditor for Active Directory prevented modification of AD object security descriptor.
Client Computer : 10.0.0.1
Object DN : CN={CABC510B-5D32-4202-A000-36ED89222065},CN=Policies,CN=System,DC=research,DC=corp
Object Class : groupPolicyContainer
Object GUID : {5ADBBF6C-CC17-4C69-8E3E-A01900C77AAB}
Action : ACE Addition
Type : Permission Allow
Trustee : CREATOR OWNER
Trustee Type : Well Known Group
Inherited : No
Apply To : Child objects only
Old Access Type : <not set>
New Access Type : Create All Child Objects, Delete All Child Objects,
List Child Objects, All Validated Writes, Read All Properties, Write All Properties,
Delete Subtree, List Contents, Delete, Read Permissions, Modify Permissions, Modify Owner
Request ID : {CE149FF1-60EC-45C2-849B-64A41779CB81}
===========================
Description template:
===========================
ChangeAuditor for Active Directory prevented modification of AD object security descriptor.
Client Computer : %13
Object DN : %1
Object Class : %2
Object GUID : %3
Action : %4
Type : %5
Trustee : %6
Trustee Type : %7
Inherited : %8
Apply To : %9
Old Access Type : %10
New Access Type : %11
Request ID : %12
|
When
|
At what date and time a user activity originated in the system.
|
DateTime
|
1/1/2000
|
Who
|
Account or user name under which the activity occured.
|
User
|
SomeUser
|
What
|
The type of activity occurred (e.g. Logon, Password Changed, etc.)
|
"Attempt to Change AD Object Permissions"
|
Attempt to Change AD Object Permissions
|
Where
|
The name of the workstation/server where the activity was logged.
|
Computer
|
10.10.10.10
|
Where From
|
The name of the workstation/server where the activity was initiated from.
|
Client Computer
|
10.0.0.1
|
Severity
|
Specify the seriousness of the event.
|
"Medium"
|
Medium
|
WhoDomain
|
|
-
|
|
WhereDomain
|
|
-
|
|
Object Type
|
The type of object whose permissions were changed (e.g. AD object, file, registry, etc.)
|
Object Class
|
groupPolicyContainer
|
Object Name
|
The name of the object whose permissions were changed (e.g. full system path to the file or folder)
|
Object DN
|
CN={CABC510B-5D32-4202-A000-36ED89222065},CN=Policies,CN=System,DC=research,DC=corp
|
To Whom
|
Account whose access permissions to the object were changed
|
Trustee
|
CREATOR OWNER
|
Result
|
Successful or Failed
|
"Protected"
|
Protected
|
|