Event Details
Operating System->Microsoft Windows->Application logs->Quest->Change Auditor->Change Auditor for Active Directory->ITAD Directory Changes->EventID 54 - Prevention of a list of Group Policy Objects linked to AD container modification.
EventID 54 - Prevention of a list of Group Policy Objects linked to AD container modification.
 Sample: 
Event Type:     Warning
Event Source:   ITAD Directory Changes
Event Category: None
Event ID:       54
Date:           10/30/2009
Time:           09:48:34
User:           RESEARCH\CBrown
Computer:       DC1
Description:    
ChangeAuditor for Active Directory prevented modification of a list of Group Policy Objects linked to AD container.
	Client Computer : 10.0.0.1
	Container DN : OU=Setup Operators,DC=research,DC=corp
	Container GUID : {9A60E55F-FB00-477C-B908-826D31AA9DDB}
	Action : Link Addition
	GPO name : N/A
	Old GPO options : <not set>
	New GPO options : Enabled; Override
	Old GPO order : <not set>
	New GPO order : 2
	Request ID : {1E076ABD-0393-459A-A447-9777BDF718B8}
===========================
Description template:
===========================
ChangeAuditor for Active Directory prevented modification of a list of Group Policy Objects linked to AD container.
   Client Computer : %11
   Container DN : %1
   Container GUID : %3
   Action : %4
   GPO name : %5
   Old GPO options : %6
   New GPO options : %7
   Old GPO order : %8
   New GPO order : %9
   Request ID : %10
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust for AD
Filtering Field Equals to Value
Source ITAD Directory Changes
EventId 54
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category AttestationReview
Whom The object name to which the activity was applied. InsertionString1
Client Computer InsertionString11 10.0.0.1
Request ID InsertionString10 {1E076ABD-0393-459A-A447-9777BDF718B8}
Container DN InsertionString1 OU=Setup Operators,DC=research,DC=corp
Container GUID InsertionString3 {9A60E55F-FB00-477C-B908-826D31AA9DDB}
Action InsertionString4 Link Addition
GPO name InsertionString5 N/A
Old GPO options InsertionString6 <not set>
New GPO options InsertionString7 Enabled; Override
Old GPO order InsertionString8 <not set>
New GPO order InsertionString9 2
Comments
You must be logged in to comment