When
|
At what date and time a user activity originated in the system.
|
DateTime
|
10.10.2000 19:00:00
|
Who
|
Account or user name under which the activity occured.
|
User
|
RESEARCH\Alebovsky
|
What
|
The type of activity occurred (e.g. Logon, Password Changed, etc.)
|
"Group Policy Object Modified"
|
Group Policy Object Modified
|
Where
|
The name of the workstation/server where the activity was logged.
|
Computer
|
DC1
|
Where From
|
The name of the workstation/server where the activity was initiated from.
|
Client Computer
|
10.0.0.1
|
Severity
|
Specify the seriousness of the event.
|
"Medium"
|
Medium
|
WhoDomain
|
|
-
|
|
WhereDomain
|
|
-
|
|
Policy Name
|
The name of the affected policy.
|
Setting Name
|
Content of "C:\WINDOWS\SYSVOL\DOMAIN\POLICIES\{693C5182-0240-4289-9F7F-CF41AFC48C4D}\GPT.INI"
|
GPO Name
|
The name of GPO where some policy was changed
|
GPO Name
|
Employees
|
Value Before
|
The policy value before the change
|
Old Value
|
N/A
|
Value After
|
The policy value after the change
|
New Value
|
N/A
|
Result
|
Successful or Failed
|
"Successful"
|
Successful
|