Event Details
Operating System->Microsoft Windows->Application logs->Quest->Change Auditor->Change Auditor for File Access->Local Access->EventID 274 - Object permissions changed.
EventID 274 - Object permissions changed.
 Sample: 
Event Type:     SuccessAudit
Event Source:   Quest File Access Audit Source
Event Category: Local Access
Event ID:       274
Date:           10/28/2009
Time:           10:00:27
User:           RESEARCH\Alebovsky
Computer:       SERVER
Description:    
Object permissions changed: 

	Primary User Name: ALebovsky 

	Primary User Domain: RESEARCH 

	Client User Name:  

	Client User Domain:  

	User Logon ID: (0x0,0x43A4F) 

	Process: C:\WINDOWS\explorer.exe 

	Object Type: File 

	Object Path: C:\documents\Log.txt 

	ACE Action: ACE modified 

	ACE Type: Allow permission 

	Trustee: BUILTIN\Administrators 

	Inherited: No 

	Apply To: This object 

	Old Access Type: Full Control 

	New Access Type: Read, Write 

	Transaction ID:
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Quest File Access Audit
Filtering Field Equals to Value
Category ITFA:Local Access
Source Quest File Access Audit Source
EventId 274
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Category A name for a subclass of events within the same Event Source. Category AttestationReview
Primary User Name InsertionString3 ALebovsky
Primary User Domain InsertionString4 RESEARCH
Client User Name InsertionString1
Client User Domain InsertionString2
User Logon ID InsertionString5 (0x0,0x34B66)
Process InsertionString8 C:\WINDOWS\explorer.exe
Object Type InsertionString20 %File
Object Path InsertionString7 C:\documents\Log.txt
ACE Action InsertionString30 %ACE modified
ACE Type InsertionString31 %Allow permission
Trustee InsertionString32 BUILTIN\Administrators
Inherited InsertionString33 %No
Apply To InsertionString34 %This object
Old Access Type InsertionString35 %Full Control
New Access Type InsertionString36 %Read, %Write
Transaction ID InsertionString9
Comments
You must be logged in to comment