Welcome to Event-o-Pedia

Search Advanced Ex: logon failure -"account disabled" -"LogType:Windows Event Log" 630 event(s) found in the alternate event classification Events by Sources Found categories (417 - Events, 0 - Folders): EventID 1102 - The audit log was cleared. User Activity->System Events->Windows 2008->EventID 1102 - The audit log was cleared. EventID 1104 - The security log is now full. User Activity->System Events->Windows 2008->EventID 1104 - The security log is now full. EventID 1108 - The event logging service encountered an error while processing an incoming event published from %3. User Activity->System Events->Windows 2008->EventID 1108 - The event logging service encountered an error while processing an incoming event published from %3. EventID 4611 - A trusted logon process has been registered with the Local Security Authority. User Activity->System Events->Windows 2008->EventID 4611 - A trusted logon process has been registered with the Local Security Authority. EventID 4612 - Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. User Activity->System Events->Windows 2008->EventID 4612 - Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. EventID 4622 - A security package has been loaded by the Local Security Authority. User Activity->System Events->Windows 2008->EventID 4622 - A security package has been loaded by the Local Security Authority. EventID 4624 - An account was successfully logged on. (Interactive logon) User Activity->Logons->Successful Logons->Windows 2008->EventID 4624 - An account was successfully logged on. (Interactive logon) EventID 4624 - An account was successfully logged on. (Non-interactive logon) User Activity->Logons->Successful Logons->Windows 2008->EventID 4624 - An account was successfully logged on. (Non-interactive logon) EventID 4625 - An account failed to log on (Account Lockout). User Activity->Logons->Failed Logons->Windows 2008->EventID 4625 - An account failed to log on (Account Lockout). EventID 4625 - An account failed to log on. User Activity->Logons->Failed Logons->Windows 2008->EventID 4625 - An account failed to log on. EventID 4626 - User / Device claims information. User Activity->Logons->Successful Logons->Windows 2008->EventID 4626 - User / Device claims information. EventID 4627 - Group membership information. User Activity->Logons->Successful Logons->Windows 2008->EventID 4627 - Group membership information. EventID 4634 - An account was logged off. User Activity->Logons->Successful Logons->Windows 2008->EventID 4634 - An account was logged off. EventID 4647 - User initiated logoff. User Activity->Logons->Successful Logons->Windows 2008->EventID 4647 - User initiated logoff. EventID 4648 - A logon was attempted using explicit credentials. User Activity->Logons->Successful Logons->Windows 2008->EventID 4648 - A logon was attempted using explicit credentials. EventID 4652 - An IPsec Main Mode negotiation failed. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4652 - An IPsec Main Mode negotiation failed. EventID 4653 - An IPsec Main Mode negotiation failed. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4653 - An IPsec Main Mode negotiation failed. EventID 4654 - An IPsec Quick Mode negotiation failed. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4654 - An IPsec Quick Mode negotiation failed. EventID 4656 - A handle to an object was requested - Failed User Activity->Object Access->File System Object Access->Windows 2008->EventID 4656 - A handle to an object was requested - Failed EventID 4656 - A handle to an object was requested - Failed User Activity->Object Access->Registry Object Access->Windows 2008->EventID 4656 - A handle to an object was requested - Failed EventID 4656 - A handle to an object was requested - Successful User Activity->Object Access->File System Object Access->Windows 2008->EventID 4656 - A handle to an object was requested - Successful EventID 4656 - A handle to an object was requested - Successful User Activity->Object Access->Registry Object Access->Windows 2008->EventID 4656 - A handle to an object was requested - Successful EventID 4657 - A registry value was modified. User Activity->Object Access->Registry Object Access->Windows 2008->EventID 4657 - A registry value was modified. EventID 4661 - A handle to an object was requested - Failed User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 4661 - A handle to an object was requested - Failed EventID 4661 - A handle to an object was requested - Successful User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 4661 - A handle to an object was requested - Successful EventID 4662 - An operation was performed on an object - Failed. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 4662 - An operation was performed on an object - Failed. EventID 4662 - An operation was performed on an object - Successful. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 4662 - An operation was performed on an object - Successful. EventID 4663 - An attempt was made to access an object. User Activity->Object Access->File System Object Access->Windows 2008->EventID 4663 - An attempt was made to access an object. EventID 4663 - An attempt was made to access an object. User Activity->Object Access->Registry Object Access->Windows 2008->EventID 4663 - An attempt was made to access an object. EventID 4670 - Permissions on an object were changed. User Activity->Permission Changes->Registry Object Permission Changes->Windows 2008->EventID 4670 - Permissions on an object were changed. EventID 4670 - Permissions on an object were changed. User Activity->Permission Changes->File System Permission Changes->Windows 2008->EventID 4670 - Permissions on an object were changed. EventID 4672 - Special privileges assigned to new logon. User Activity->Logons->Successful Logons->Windows 2008->EventID 4672 - Special privileges assigned to new logon. EventID 4674 - An operation was attempted on a privileged object - Failure. User Activity->System Events->Windows 2008->EventID 4674 - An operation was attempted on a privileged object - Failure. EventID 4675 - SIDs were filtered. User Activity->Logons->Failed Logons->Windows 2008->EventID 4675 - SIDs were filtered. EventID 4688 - A new process has been created. User Activity->Programs Execution->Windows 2008->EventID 4688 - A new process has been created. EventID 4689 - A process has exited. User Activity->Programs Execution->Windows 2008->EventID 4689 - A process has exited. EventID 4695 - Unprotection of auditable protected data was attempted. User Activity->System Events->Windows 2008->EventID 4695 - Unprotection of auditable protected data was attempted. EventID 4703 - A token right was adjusted. User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4703 - A token right was adjusted. EventID 4704 - A user right was assigned. User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4704 - A user right was assigned. EventID 4705 - A user right was removed. User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4705 - A user right was removed. EventID 4706 - A new trust was created to a domain. User Activity->Policy Changes->Windows 2008->EventID 4706 - A new trust was created to a domain. EventID 4707 - A trust to a domain was removed. User Activity->Policy Changes->Windows 2008->EventID 4707 - A trust to a domain was removed. EventID 4709 - IPsec Services was started. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4709 - IPsec Services was started. EventID 4710 - IPsec Services was disabled. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4710 - IPsec Services was disabled. EventID 4712 - IPsec Services encountered a potentially serious failure. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4712 - IPsec Services encountered a potentially serious failure. EventID 4713 - Kerberos policy was changed. User Activity->Policy Changes->Windows 2008->EventID 4713 - Kerberos policy was changed. EventID 4714 - Encrypted data recovery policy was changed. User Activity->Policy Changes->Windows 2008->EventID 4714 - Encrypted data recovery policy was changed. EventID 4715 - The audit policy (SACL) on an object was changed. User Activity->Policy Changes->Windows 2008->EventID 4715 - The audit policy (SACL) on an object was changed. EventID 4716 - Trusted domain information was modified. User Activity->Policy Changes->Windows 2008->EventID 4716 - Trusted domain information was modified. EventID 4717 - System security access was granted to an account. User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4717 - System security access was granted to an account. EventID 4718 - System security access was removed from an account. User Activity->Policy Changes->User Rights Assignment->Windows 2008->EventID 4718 - System security access was removed from an account. EventID 4719 - System audit policy was changed. User Activity->Policy Changes->Windows 2008->EventID 4719 - System audit policy was changed. EventID 4720 - A user account was created. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4720 - A user account was created. EventID 4722 - A user account was enabled. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4722 - A user account was enabled. EventID 4723 - An attempt was made to change an account's password. User Activity->Account Management->Password Changes->Windows 2008->EventID 4723 - An attempt was made to change an account's password. EventID 4724 - An attempt was made to reset an account's password. User Activity->Account Management->Password Changes->Windows 2008->EventID 4724 - An attempt was made to reset an account's password. EventID 4725 - A user account was disabled. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4725 - A user account was disabled. EventID 4726 - A user account was deleted. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4726 - A user account was deleted. EventID 4727 - A security-enabled global group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4727 - A security-enabled global group was created. EventID 4728 - A member was added to a security-enabled global group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4728 - A member was added to a security-enabled global group. EventID 4729 - A member was removed from a security-enabled global group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4729 - A member was removed from a security-enabled global group. EventID 4730 - A security-enabled global group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4730 - A security-enabled global group was deleted. EventID 4731 - A security-enabled local group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4731 - A security-enabled local group was created. EventID 4732 - A member was added to a security-enabled local group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4732 - A member was added to a security-enabled local group. EventID 4733 - A member was removed from a security-enabled local group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4733 - A member was removed from a security-enabled local group. EventID 4734 - A security-enabled local group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4734 - A security-enabled local group was deleted. EventID 4735 - A security-enabled local group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4735 - A security-enabled local group was changed. EventID 4737 - A security-enabled global group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4737 - A security-enabled global group was changed. EventID 4738 - A user account was changed. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4738 - A user account was changed. EventID 4739 - Domain Policy was changed. User Activity->Policy Changes->Windows 2008->EventID 4739 - Domain Policy was changed. EventID 4740 - A user account was locked out. User Activity->Account Management->Account Lockouts/Unlocks->Windows 2008->EventID 4740 - A user account was locked out. EventID 4741 - A computer account was created. Indicates a successful creation of a "New Computer Account" by "Subject" user. User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2008->EventID 4741 - A computer account was created. EventID 4742 - A computer account was changed. Indicates that a computer account ("Computer Account That Was Changed") was successfully changed by "Subject" user. User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2008->EventID 4742 - A computer account was changed. EventID 4743 - A computer account was deleted. User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2008->EventID 4743 - A computer account was deleted. EventID 4744 - A security-disabled local group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4744 - A security-disabled local group was created. EventID 4745 - A security-disabled local group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4745 - A security-disabled local group was changed. EventID 4746 - A member was added to a security-disabled local group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4746 - A member was added to a security-disabled local group. EventID 4747 - A member was removed from a security-disabled local group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4747 - A member was removed from a security-disabled local group. EventID 4748 - A security-disabled local group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4748 - A security-disabled local group was deleted. EventID 4749 - A security-disabled global group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4749 - A security-disabled global group was created. EventID 4750 - A security-disabled global group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4750 - A security-disabled global group was changed. EventID 4751 - A member was added to a security-disabled global group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4751 - A member was added to a security-disabled global group. EventID 4752 - A member was removed from a security-disabled global group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4752 - A member was removed from a security-disabled global group. EventID 4753 - A security-disabled global group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4753 - A security-disabled global group was deleted. EventID 4754 - A security-enabled universal group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4754 - A security-enabled universal group was created. EventID 4755 - A security-enabled universal group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4755 - A security-enabled universal group was changed. EventID 4756 - A member was added to a security-enabled universal group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4756 - A member was added to a security-enabled universal group. EventID 4757 - A member was removed from a security-enabled universal group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4757 - A member was removed from a security-enabled universal group. EventID 4758 - A security-enabled universal group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4758 - A security-enabled universal group was deleted. EventID 4759 - A security-disabled universal group was created. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4759 - A security-disabled universal group was created. EventID 4760 - A security-disabled universal group was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4760 - A security-disabled universal group was changed. EventID 4761 - A member was added to a security-disabled universal group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4761 - A member was added to a security-disabled universal group. EventID 4762 - A member was removed from a security-disabled universal group. User Activity->Account Management->Group Membership Changes->Windows 2008->EventID 4762 - A member was removed from a security-disabled universal group. EventID 4763 - A security-disabled universal group was deleted. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4763 - A security-disabled universal group was deleted. EventID 4764 - A group's type was changed. User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4764 - A group's type was changed. EventID 4766 - An attempt to add SID History to an account failed. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4766 - An attempt to add SID History to an account failed. EventID 4767 - A user account was unlocked. User Activity->Account Management->Account Lockouts/Unlocks->Windows 2008->EventID 4767 - A user account was unlocked. EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Failure. User Activity->Logons->Failed Logons->Windows 2008->EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Failure. EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Success. User Activity->Logons->Successful Logons->Windows 2008->EventID 4768 - A Kerberos authentication ticket (TGT) was requested - Success. EventID 4769 - A Kerberos service ticket was requested - Failure. User Activity->Logons->Failed Logons->Windows 2008->EventID 4769 - A Kerberos service ticket was requested - Failure. EventID 4769 - A Kerberos service ticket was requested - Success. User Activity->Logons->Successful Logons->Windows 2008->EventID 4769 - A Kerberos service ticket was requested - Success. EventID 4770 - A Kerberos service ticket was renewed. User Activity->Logons->Successful Logons->Windows 2008->EventID 4770 - A Kerberos service ticket was renewed. EventID 4771 - Kerberos pre-authentication failed. User Activity->Logons->Failed Logons->Windows 2008->EventID 4771 - Kerberos pre-authentication failed. EventID 4772 - A Kerberos authentication ticket request failed. Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. 4768 failure event is generated instead. User Activity->Logons->Failed Logons->Windows 2008->EventID 4772 - A Kerberos authentication ticket request failed. EventID 4774 - An account was mapped for logon. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4774 - An account was mapped for logon. EventID 4775 - An account could not be mapped for logon. It appears that this event never occurs. User Activity->Logons->Failed Logons->Windows 2008->EventID 4775 - An account could not be mapped for logon. EventID 4776 - The computer attempted to validate the credentials for an account. User Activity->Logons->Failed Logons->Windows 2008->EventID 4776 - The computer attempted to validate the credentials for an account. EventID 4776 - The computer attempted to validate the credentials for an account. User Activity->Logons->Successful Logons->Windows 2008->EventID 4776 - The computer attempted to validate the credentials for an account. EventID 4777 - The domain controller failed to validate the credentials for an account. Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. 4776 failure event is generated instead. User Activity->Logons->Failed Logons->Windows 2008->EventID 4777 - The domain controller failed to validate the credentials for an account. EventID 4778 - A session was reconnected to a Window Station. User Activity->Logons->Successful Logons->Windows 2008->EventID 4778 - A session was reconnected to a Window Station. EventID 4779 - A session was disconnected from a Window Station. User Activity->Logons->Successful Logons->Windows 2008->EventID 4779 - A session was disconnected from a Window Station. EventID 4781 - The name of an account was changed. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4781 - The name of an account was changed. EventID 4797 - An attempt was made to query the existence of a blank password for an account. User Activity->Account Management->Query Information->EventID 4797 - An attempt was made to query the existence of a blank password for an account. EventID 4798 - A user's local group membership was enumerated. User Activity->Account Management->Query Information->EventID 4798 - A user's local group membership was enumerated. EventID 4799 - A security-enabled local group membership was enumerated. User Activity->Account Management->Query Information->EventID 4799 - A security-enabled local group membership was enumerated. EventID 4800 - The workstation was locked. User Activity->Logons->Successful Logons->Windows 2008->EventID 4800 - The workstation was locked. EventID 4801 - The workstation was unlocked. User Activity->Logons->Successful Logons->Windows 2008->EventID 4801 - The workstation was unlocked. EventID 4819 - Central Access Policies on the machine have been changed. User Activity->Policy Changes->Windows 2008->EventID 4819 - Central Access Policies on the machine have been changed. EventID 4820 - A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions. User Activity->Logons->Failed Logons->Windows 2008->EventID 4820 - A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions. EventID 4821 - A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions. User Activity->Logons->Failed Logons->Windows 2008->EventID 4821 - A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions. EventID 4822 - NTLM authentication failed because the account was a member of the Protected User group. User Activity->Logons->Failed Logons->Windows 2008->EventID 4822 - NTLM authentication failed because the account was a member of the Protected User group. EventID 4823 - NTLM authentication failed because access control restrictions are required. User Activity->Logons->Failed Logons->Windows 2008->EventID 4823 - NTLM authentication failed because access control restrictions are required. EventID 4824 - Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group. User Activity->Logons->Failed Logons->Windows 2008->EventID 4824 - Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group. EventID 4825 - A user was denied the access to Remote Desktop. User Activity->Logons->Failed Logons->Windows 2008->EventID 4825 - A user was denied the access to Remote Desktop. EventID 4826 - Boot Configuration Data loaded. User Activity->Policy Changes->Windows 2008->EventID 4826 - Boot Configuration Data loaded. EventID 4830 - SID History was removed from an account. User Activity->Account Management->Account Changes->User Account Changes->Windows 2008->EventID 4830 - SID History was removed from an account. EventID 4902 - The Per-user audit policy table was created. User Activity->Policy Changes->Windows 2008->EventID 4902 - The Per-user audit policy table was created. EventID 4904 - An attempt was made to register a security event source. User Activity->System Events->Windows 2008->EventID 4904 - An attempt was made to register a security event source. EventID 4905 - An attempt was made to unregister a security event source. User Activity->System Events->Windows 2008->EventID 4905 - An attempt was made to unregister a security event source. EventID 4906 - The CrashOnAuditFail value has changed. User Activity->Policy Changes->Windows 2008->EventID 4906 - The CrashOnAuditFail value has changed. EventID 4907 - Auditing settings on object were changed. User Activity->Policy Changes->Windows 2008->EventID 4907 - Auditing settings on object were changed. EventID 4908 - Special Groups Logon table modified. User Activity->Policy Changes->Windows 2008->EventID 4908 - Special Groups Logon table modified. EventID 4911 - Resource attributes of the object were changed. User Activity->Policy Changes->Windows 2008->EventID 4911 - Resource attributes of the object were changed. EventID 4912 - Per User Audit Policy was changed. User Activity->Policy Changes->Windows 2008->EventID 4912 - Per User Audit Policy was changed. EventID 4913 - Central Access Policy on the object was changed. User Activity->Policy Changes->Windows 2008->EventID 4913 - Central Access Policy on the object was changed. EventID 4935 - Replication failure begins. User Activity->System Events->Windows 2008->EventID 4935 - Replication failure begins. EventID 4936 - Replication failure ends. User Activity->System Events->Windows 2008->EventID 4936 - Replication failure ends. EventID 4944 - The following policy was active when the Windows Firewall started. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4944 - The following policy was active when the Windows Firewall started. EventID 4945 - A rule was listed when the Windows Firewall started. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4945 - A rule was listed when the Windows Firewall started. EventID 4946 - A change has been made to Windows Firewall exception list. A rule was added. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4946 - A change has been made to Windows Firewall exception list. A rule was added. EventID 4947 - A change has been made to Windows Firewall exception list. A rule was modified. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4947 - A change has been made to Windows Firewall exception list. A rule was modified. EventID 4948 - A change has been made to Windows Firewall exception list. A rule was deleted. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4948 - A change has been made to Windows Firewall exception list. A rule was deleted. EventID 4949 - Windows Firewall settings were restored to the default values. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4949 - Windows Firewall settings were restored to the default values. EventID 4950 - A Windows Firewall setting has changed. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4950 - A Windows Firewall setting has changed. EventID 4951 - A rule has been ignored because its major version number was not recognized by Windows Firewall. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4951 - A rule has been ignored because its major version number was not recognized by Windows Firewall. EventID 4952 - Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4952 - Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. EventID 4953 - A rule has been ignored by Windows Firewall because it could not parse the rule. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4953 - A rule has been ignored by Windows Firewall because it could not parse the rule. EventID 4954 - Windows Firewall Group Policy settings has changed. The new settings have been applied. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4954 - Windows Firewall Group Policy settings has changed. The new settings have been applied. EventID 4956 - Windows Firewall has changed the active profile. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4956 - Windows Firewall has changed the active profile. EventID 4957 - Windows Firewall did not apply the following rule. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4957 - Windows Firewall did not apply the following rule. EventID 4958 - Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 4958 - Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. EventID 4976 - During Main Mode negotiation, IPsec received an invalid negotiation packet. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4976 - During Main Mode negotiation, IPsec received an invalid negotiation packet. EventID 4977 - During Quick Mode negotiation, IPsec received an invalid negotiation packet. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4977 - During Quick Mode negotiation, IPsec received an invalid negotiation packet. EventID 4978 - During Extended Mode negotiation, IPsec received an invalid negotiation packet. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4978 - During Extended Mode negotiation, IPsec received an invalid negotiation packet. EventID 4983 - An IPsec Extended Mode negotiation failed. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4983 - An IPsec Extended Mode negotiation failed. EventID 4984 - An IPsec Extended Mode negotiation failed. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 4984 - An IPsec Extended Mode negotiation failed. EventID 5029 - The Windows Firewall Service failed to initialize the driver. User Activity->System Events->Windows 2008->EventID 5029 - The Windows Firewall Service failed to initialize the driver. EventID 5030 - The Windows Firewall Service failed to start. User Activity->System Events->Windows 2008->EventID 5030 - The Windows Firewall Service failed to start. EventID 5031 - The Windows Firewall Service blocked an application from accepting incoming connections on the network. User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2008->EventID 5031 - The Windows Firewall Service blocked an application from accepting incoming connections on the network. EventID 5035 - The Windows Firewall Driver failed to start. User Activity->System Events->Windows 2008->EventID 5035 - The Windows Firewall Driver failed to start. EventID 5037 - The Windows Firewall Driver detected critical runtime error. Terminating. User Activity->System Events->Windows 2008->EventID 5037 - The Windows Firewall Driver detected critical runtime error. Terminating. EventID 5038 - Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk dev... User Activity->System Events->Windows 2008->EventID 5038 - Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk dev... EventID 5040 - A change has been made to IPsec settings. An Authentication Set was added. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5040 - A change has been made to IPsec settings. An Authentication Set was added. EventID 5041 - A change has been made to IPsec settings. An Authentication Set was modified. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5041 - A change has been made to IPsec settings. An Authentication Set was modified. EventID 5042 - A change has been made to IPsec settings. An Authentication Set was deleted. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5042 - A change has been made to IPsec settings. An Authentication Set was deleted. EventID 5043 - A change has been made to IPsec settings. A Connection Security Rule was added. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5043 - A change has been made to IPsec settings. A Connection Security Rule was added. EventID 5044 - A change has been made to IPsec settings. A Connection Security Rule was modified. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5044 - A change has been made to IPsec settings. A Connection Security Rule was modified. EventID 5045 - A change has been made to IPsec settings. A Connection Security Rule was deleted. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5045 - A change has been made to IPsec settings. A Connection Security Rule was deleted. EventID 5046 - A change has been made to IPsec settings. A Crypto Set was added. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5046 - A change has been made to IPsec settings. A Crypto Set was added. EventID 5047 - A change has been made to IPsec settings. A Crypto Set was modified. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5047 - A change has been made to IPsec settings. A Crypto Set was modified. EventID 5048 - A change has been made to IPsec settings. A Crypto Set was deleted. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5048 - A change has been made to IPsec settings. A Crypto Set was deleted. EventID 5057 - A cryptographic primitive operation failed. User Activity->System Events->Windows 2008->EventID 5057 - A cryptographic primitive operation failed. EventID 5060 - Verification operation failed. User Activity->System Events->Windows 2008->EventID 5060 - Verification operation failed. EventID 5071 - Key access denied by Microsoft key distribution service. User Activity->System Events->Windows 2008->EventID 5071 - Key access denied by Microsoft key distribution service. EventID 5136 - A directory service object was modified. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 5136 - A directory service object was modified. EventID 5137 - A directory service object was created. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 5137 - A directory service object was created. EventID 5138 - A directory service object was undeleted. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 5138 - A directory service object was undeleted. EventID 5139 - A directory service object was moved. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 5139 - A directory service object was moved. EventID 5140 - A network share object was accessed. [2008 R2 or higher] User Activity->Object Access->File System Object Access->Windows 2008->EventID 5140 - A network share object was accessed. [2008 R2 or higher] EventID 5140 - A network share object was accessed. [2008] User Activity->Object Access->File System Object Access->Windows 2008->EventID 5140 - A network share object was accessed. [2008] EventID 5141 - A directory service object was deleted. User Activity->Object Access->Active Directory Object Access->Windows 2008->EventID 5141 - A directory service object was deleted. EventID 5142 - A network share object was added. User Activity->Object Access->File System Object Access->Windows 2008->EventID 5142 - A network share object was added. EventID 5143 - A network share object was modified. User Activity->Object Access->File System Object Access->Windows 2008->EventID 5143 - A network share object was modified. EventID 5144 - A network share object was deleted. User Activity->Object Access->File System Object Access->Windows 2008->EventID 5144 - A network share object was deleted. EventID 5145 - A network share object was checked to see whether client can be granted desired access. User Activity->Object Access->File System Object Access->Windows 2008->EventID 5145 - A network share object was checked to see whether client can be granted desired access. EventID 5146 - The Windows Filtering Platform has blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5146 - The Windows Filtering Platform has blocked a packet. EventID 5147 - A more restrictive Windows Filtering Platform filter has blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5147 - A more restrictive Windows Filtering Platform filter has blocked a packet. EventID 5148 - The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5148 - The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. EventID 5149 - The DoS attack has subsided and normal processing is being resumed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5149 - The DoS attack has subsided and normal processing is being resumed. EventID 5150 - The Windows Filtering Platform has blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5150 - The Windows Filtering Platform has blocked a packet. EventID 5151 - A more restrictive Windows Filtering Platform filter has blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5151 - A more restrictive Windows Filtering Platform filter has blocked a packet. EventID 5152 - The Windows Filtering Platform blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5152 - The Windows Filtering Platform blocked a packet. EventID 5153 - A more restrictive Windows Filtering Platform filter has blocked a packet. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5153 - A more restrictive Windows Filtering Platform filter has blocked a packet. EventID 5154 - The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5154 - The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. EventID 5155 - The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5155 - The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. EventID 5156 - The Windows Filtering Platform has allowed a connection. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5156 - The Windows Filtering Platform has allowed a connection. EventID 5157 - The Windows Filtering Platform has blocked a connection. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5157 - The Windows Filtering Platform has blocked a connection. EventID 5158 - The Windows Filtering Platform has permitted a bind to a local port. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5158 - The Windows Filtering Platform has permitted a bind to a local port. EventID 5159 - The Windows Filtering Platform has blocked a bind to a local port. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5159 - The Windows Filtering Platform has blocked a bind to a local port. EventID 516 - Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits User Activity->System Events->Windows 2000-2003->EventID 516 - Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits EventID 5168 - SPN check for SMB/SMB2 fails. User Activity->Object Access->File System Object Access->Windows 2008->EventID 5168 - SPN check for SMB/SMB2 fails. EventID 517 - The audit log was cleared User Activity->System Events->Windows 2000-2003->EventID 517 - The audit log was cleared EventID 528 - Successful Interactive Logon [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Interactive Logon [Win 2000] EventID 528 - Successful Interactive Logon [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Interactive Logon [Win 2003] EventID 528 - Successful Interactive Logon [Win XP] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Interactive Logon [Win XP] EventID 528 - Successful Logon [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Logon [Win 2000] EventID 528 - Successful Logon [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Logon [Win 2003] EventID 528 - Successful Logon [Win XP] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 528 - Successful Logon [Win XP] EventID 529 - Logon Failure - Unknown user name or bad password [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 529 - Logon Failure - Unknown user name or bad password [Win 2000] EventID 529 - Logon Failure - Unknown user name or bad password [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 529 - Logon Failure - Unknown user name or bad password [Win 2003] EventID 530 - Logon Failure - Account logon time restriction violation [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 530 - Logon Failure - Account logon time restriction violation [Win 2000] EventID 530 - Logon Failure - Account logon time restriction violation [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 530 - Logon Failure - Account logon time restriction violation [Win 2003] EventID 531 - Logon Failure - Account currently disabled [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 531 - Logon Failure - Account currently disabled [Win 2000] EventID 531 - Logon Failure - Account currently disabled [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 531 - Logon Failure - Account currently disabled [Win 2003] EventID 532 - Logon Failure - The specified user account has expired [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 532 - Logon Failure - The specified user account has expired [Win 2000] EventID 532 - Logon Failure - The specified user account has expired [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 532 - Logon Failure - The specified user account has expired [Win 2003] EventID 533 - Logon Failure - User not allowed to logon at this computer [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 533 - Logon Failure - User not allowed to logon at this computer [Win 2000] EventID 533 - Logon Failure - User not allowed to logon at this computer [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 533 - Logon Failure - User not allowed to logon at this computer [Win 2003] EventID 534 - Logon Failure - The user has not been granted the requested logon type at this machine [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 534 - Logon Failure - The user has not been granted the requested logon type at this machine [Win 2000] EventID 534 - Logon Failure - The user has not been granted the requested logon type at this machine [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 534 - Logon Failure - The user has not been granted the requested logon type at this machine [Win 2003] EventID 535 - Logon Failure - The specified account's password has expired [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 535 - Logon Failure - The specified account's password has expired [Win 2000] EventID 535 - Logon Failure - The specified account's password has expired [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 535 - Logon Failure - The specified account's password has expired [Win 2003] EventID 536 - The NetLogon component is not active User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 536 - The NetLogon component is not active EventID 537 - An unexpected error occurred during logon User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 537 - An unexpected error occurred during logon EventID 538 - User Logoff User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 538 - User Logoff EventID 539 - Logon Failure - Account locked out [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 539 - Logon Failure - Account locked out [Win 2000] EventID 539 - Logon Failure - Account locked out [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 539 - Logon Failure - Account locked out [Win 2003] EventID 540 - Successful Network Logon [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 540 - Successful Network Logon [Win 2000] EventID 540 - Successful Network Logon [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 540 - Successful Network Logon [Win 2003] EventID 5440 - The following callout was present when the Windows Filtering Platform Base Filtering Engine started. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5440 - The following callout was present when the Windows Filtering Platform Base Filtering Engine started. EventID 5441 - The following filter was present when the Windows Filtering Platform Base Filtering Engine started. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5441 - The following filter was present when the Windows Filtering Platform Base Filtering Engine started. EventID 5442 - The following provider was present when the Windows Filtering Platform Base Filtering Engine started. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5442 - The following provider was present when the Windows Filtering Platform Base Filtering Engine started. EventID 5443 - The following provider context was present when the Windows Filtering Platform Base Filtering Engine started. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5443 - The following provider context was present when the Windows Filtering Platform Base Filtering Engine started. EventID 5444 - The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5444 - The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started. EventID 5446 - A Windows Filtering Platform callout has been changed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5446 - A Windows Filtering Platform callout has been changed. EventID 5447 - A Windows Filtering Platform filter has been changed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5447 - A Windows Filtering Platform filter has been changed. EventID 5448 - A Windows Filtering Platform provider has been changed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5448 - A Windows Filtering Platform provider has been changed. EventID 5449 - A Windows Filtering Platform provider context has been changed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5449 - A Windows Filtering Platform provider context has been changed. EventID 5450 - A Windows Filtering Platform sub-layer has been changed. User Activity->Network and Firewall Tracking->Windows Filtering Platform->Windows 2008->EventID 5450 - A Windows Filtering Platform sub-layer has been changed. EventID 5453 - An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5453 - An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started. EventID 5456 - PAStore Engine applied Active Directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5456 - PAStore Engine applied Active Directory storage IPsec policy on the computer. EventID 5457 - PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5457 - PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. EventID 5458 - PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5458 - PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. EventID 5459 - PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5459 - PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. EventID 5460 - PAStore Engine applied local registry storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5460 - PAStore Engine applied local registry storage IPsec policy on the computer. EventID 5461 - PAStore Engine failed to apply local registry storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5461 - PAStore Engine failed to apply local registry storage IPsec policy on the computer. EventID 5462 - PAStore Engine failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5462 - PAStore Engine failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem. EventID 5463 - PAStore Engine polled for changes to the active IPsec policy and detected no changes. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5463 - PAStore Engine polled for changes to the active IPsec policy and detected no changes. EventID 5464 - PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5464 - PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services. EventID 5465 - PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5465 - PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully. EventID 5466 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec po... User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5466 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec po... EventID 5467 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Activ... User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5467 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Activ... EventID 5468 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cach... User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5468 - PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cach... EventID 5471 - PAStore Engine loaded local storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5471 - PAStore Engine loaded local storage IPsec policy on the computer. EventID 5472 - PAStore Engine failed to load local storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5472 - PAStore Engine failed to load local storage IPsec policy on the computer. EventID 5473 - PAStore Engine loaded directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5473 - PAStore Engine loaded directory storage IPsec policy on the computer. EventID 5474 - PAStore Engine failed to load directory storage IPsec policy on the computer. User Activity->Network and Firewall Tracking->IPSec->Windows 2008->EventID 5474 - PAStore Engine failed to load directory storage IPsec policy on the computer. EventID 5477 - PAStore Engine failed to add quick mode filter. User Activity->Policy Changes->Windows 2008->EventID 5477 - PAStore Engine failed to add quick mode filter. EventID 548 - Domain SID is inconsistent User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 548 - Domain SID is inconsistent EventID 5480 - IPsec Services failed to get the complete list of network interfaces on the computer User Activity->System Events->Windows 2008->EventID 5480 - IPsec Services failed to get the complete list of network interfaces on the computer EventID 5484 - IPsec Services has experienced a critical failure and has been shut down User Activity->System Events->Windows 2008->EventID 5484 - IPsec Services has experienced a critical failure and has been shut down EventID 5485 - IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces User Activity->System Events->Windows 2008->EventID 5485 - IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces EventID 549 - All SIDs were filtered out User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 549 - All SIDs were filtered out EventID 551 - User initiated logoff [Win 2003 / XP] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 551 - User initiated logoff [Win 2003 / XP] EventID 552 - Logon attempt using explicit credentials [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 552 - Logon attempt using explicit credentials [Win 2003] EventID 552 - Logon attempt using explicit credentials [Win XP] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 552 - Logon attempt using explicit credentials [Win XP] EventID 560 - Object Open [Win 2000] - Failed User Activity->Object Access->File System Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2000] - Failed EventID 560 - Object Open [Win 2000] - Failed User Activity->Object Access->Registry Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2000] - Failed EventID 560 - Object Open [Win 2000] - Successful User Activity->Object Access->File System Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2000] - Successful EventID 560 - Object Open [Win 2000] - Successful User Activity->Object Access->Registry Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2000] - Successful EventID 560 - Object Open [Win 2003] - Failed User Activity->Object Access->File System Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2003] - Failed EventID 560 - Object Open [Win 2003] - Failed User Activity->Object Access->Registry Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2003] - Failed EventID 560 - Object Open [Win 2003] - Successful User Activity->Object Access->File System Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2003] - Successful EventID 560 - Object Open [Win 2003] - Successful User Activity->Object Access->Registry Object Access->Windows 2000-2003->EventID 560 - Object Open [Win 2003] - Successful EventID 565 - Object Open [Win 2000] - Failed User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 565 - Object Open [Win 2000] - Failed EventID 565 - Object Open [Win 2000] - Successful User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 565 - Object Open [Win 2000] - Successful EventID 565 - Object Open [Win 2003] - Failed User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 565 - Object Open [Win 2003] - Failed EventID 565 - Object Open [Win 2003] - Successful User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 565 - Object Open [Win 2003] - Successful EventID 566 - Object Operation [Win 2003] - Failure User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 566 - Object Operation [Win 2003] - Failure EventID 566 - Object Operation [Win 2003] - Successful User Activity->Object Access->Active Directory Object Access->Windows 2000-2003->EventID 566 - Object Operation [Win 2003] - Successful EventID 576 - Special privileges assigned to new logon (Logon category) User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 576 - Special privileges assigned to new logon (Logon category) EventID 576 - Special privileges assigned to new logon (Privilege Use category) User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 576 - Special privileges assigned to new logon (Privilege Use category) EventID 5888 - An object in the COM+ Catalog was modified. User Activity->Object Access->COM+ Catalog Object Access->Windows 2008->EventID 5888 - An object in the COM+ Catalog was modified. EventID 5889 - An object was deleted from the COM+ Catalog. User Activity->Object Access->COM+ Catalog Object Access->Windows 2008->EventID 5889 - An object was deleted from the COM+ Catalog. EventID 5890 - An object was added to the COM+ Catalog. User Activity->Object Access->COM+ Catalog Object Access->Windows 2008->EventID 5890 - An object was added to the COM+ Catalog. EventID 592 - A new process has been created User Activity->Programs Execution->Windows 2000-2003->EventID 592 - A new process has been created EventID 593 - A process has exited [Win 2000] User Activity->Programs Execution->Windows 2000-2003->EventID 593 - A process has exited [Win 2000] EventID 593 - A process has exited [Win 2003 / XP] User Activity->Programs Execution->Windows 2000-2003->EventID 593 - A process has exited [Win 2003 / XP] EventID 608 - User Right Assigned User Activity->Policy Changes->User Rights Assignment->Windows 2000-2003->EventID 608 - User Right Assigned EventID 609 - User Right Removed User Activity->Policy Changes->User Rights Assignment->Windows 2000-2003->EventID 609 - User Right Removed EventID 610 - New Trusted Domain [Win 2000] User Activity->Policy Changes->Windows 2000-2003->EventID 610 - New Trusted Domain [Win 2000] EventID 610 - New Trusted Domain [Win 2003] User Activity->Policy Changes->Windows 2000-2003->EventID 610 - New Trusted Domain [Win 2003] EventID 611 - Trusted Domain Removed [Win 2000] User Activity->Policy Changes->Windows 2000-2003->EventID 611 - Trusted Domain Removed [Win 2000] EventID 611 - Trusted Domain Removed [Win 2003] User Activity->Policy Changes->Windows 2000-2003->EventID 611 - Trusted Domain Removed [Win 2003] EventID 612 - Audit Policy Change User Activity->Policy Changes->Windows 2000-2003->EventID 612 - Audit Policy Change EventID 6144 - Security policy in the group policy objects has been applied successfully. User Activity->Policy Changes->Windows 2008->EventID 6144 - Security policy in the group policy objects has been applied successfully. EventID 6145 - One or more errors occured while processing security policy in the group policy objects. User Activity->Policy Changes->Windows 2008->EventID 6145 - One or more errors occured while processing security policy in the group policy objects. EventID 615 - IPSEC PolicyAgent Service [Win 2000] User Activity->Network and Firewall Tracking->IPSec->Windows 2000-2003->EventID 615 - IPSEC PolicyAgent Service [Win 2000] EventID 615 - IPSec Services [Win 2003 / XP] User Activity->Network and Firewall Tracking->IPSec->Windows 2000-2003->EventID 615 - IPSec Services [Win 2003 / XP] EventID 616 - IPSec policy agent encountered a potentially serious failure [Win 2000] User Activity->Network and Firewall Tracking->IPSec->Windows 2000-2003->EventID 616 - IPSec policy agent encountered a potentially serious failure [Win 2000] EventID 616 - IPSec Services encountered a potentially serious failure [Win 2003 / XP] User Activity->Network and Firewall Tracking->IPSec->Windows 2000-2003->EventID 616 - IPSec Services encountered a potentially serious failure [Win 2003 / XP] EventID 617 - Kerberos Policy Changed User Activity->Policy Changes->Windows 2000-2003->EventID 617 - Kerberos Policy Changed EventID 618 - Encrypted Data Recovery Policy Changed User Activity->Policy Changes->Windows 2000-2003->EventID 618 - Encrypted Data Recovery Policy Changed EventID 620 - Trusted Domain Information Modified [Win 2000] User Activity->Policy Changes->Windows 2000-2003->EventID 620 - Trusted Domain Information Modified [Win 2000] EventID 620 - Trusted Domain Information Modified [Win 2003] User Activity->Policy Changes->Windows 2000-2003->EventID 620 - Trusted Domain Information Modified [Win 2003] EventID 621 - System Security Access Granted User Activity->Policy Changes->User Rights Assignment->Windows 2000-2003->EventID 621 - System Security Access Granted EventID 622 - System Security Access Removed User Activity->Policy Changes->User Rights Assignment->Windows 2000-2003->EventID 622 - System Security Access Removed EventID 624 - User Account Created [Win 2000] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 624 - User Account Created [Win 2000] EventID 624 - User Account Created [Win 2003] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 624 - User Account Created [Win 2003] EventID 626 - User Account Enabled [Win 2003] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 626 - User Account Enabled [Win 2003] EventID 627 - Change Password Attempt User Activity->Account Management->Password Changes->Windows 2000-2003->EventID 627 - Change Password Attempt EventID 6279 - Network Policy Server locked the user account due to repeated failed authentication attempts. User Activity->Logons->Failed Logons->Windows 2008->EventID 6279 - Network Policy Server locked the user account due to repeated failed authentication attempts. EventID 628 - User Account password set User Activity->Account Management->Password Changes->Windows 2000-2003->EventID 628 - User Account password set EventID 6281 - Code Integrity determined that the page hashes of an image file are not valid. User Activity->System Events->Windows 2008->EventID 6281 - Code Integrity determined that the page hashes of an image file are not valid. EventID 629 - User Account Disabled [Win 2003] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 629 - User Account Disabled [Win 2003] EventID 630 - User Account Deleted User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 630 - User Account Deleted EventID 631 - Security Enabled Global Group Created [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 631 - Security Enabled Global Group Created [Win 2003] EventID 632 - Security Enabled Global Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 632 - Security Enabled Global Group Member Added EventID 633 - Security Enabled Global Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 633 - Security Enabled Global Group Member Removed EventID 634 - Security Enabled Global Group Deleted [Win 2000 / 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 634 - Security Enabled Global Group Deleted [Win 2000 / 2003] EventID 635 - Security Enabled Local Group Created User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 635 - Security Enabled Local Group Created EventID 636 - Security Enabled Local Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 636 - Security Enabled Local Group Member Added EventID 637 - Security Enabled Local Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 637 - Security Enabled Local Group Member Removed EventID 638 - Security Enabled Local Group Deleted User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 638 - Security Enabled Local Group Deleted EventID 639 - Security Enabled Local Group Changed [Win 2000 / XP] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 639 - Security Enabled Local Group Changed [Win 2000 / XP] EventID 639 - Security Enabled Local Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 639 - Security Enabled Local Group Changed [Win 2003] EventID 6400 - BranchCache: Received an incorrectly formatted response while discovering availability of content. User Activity->System Events->Windows 2008->EventID 6400 - BranchCache: Received an incorrectly formatted response while discovering availability of content. EventID 6401 - BranchCache: Received invalid data from a peer. Data discarded. User Activity->System Events->Windows 2008->EventID 6401 - BranchCache: Received invalid data from a peer. Data discarded. EventID 6402 - BranchCache: The message to the hosted cache offering it data is incorrectly formatted. User Activity->System Events->Windows 2008->EventID 6402 - BranchCache: The message to the hosted cache offering it data is incorrectly formatted. EventID 6403 - BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data. User Activity->System Events->Windows 2008->EventID 6403 - BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data. EventID 6404 - BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. User Activity->System Events->Windows 2008->EventID 6404 - BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. EventID 6405 - BranchCache: %2 instance(s) of event id %1 occurred User Activity->System Events->Windows 2008->EventID 6405 - BranchCache: %2 instance(s) of event id %1 occurred EventID 6409 - BranchCache: A service connection point object could not be parsed. User Activity->System Events->Windows 2008->EventID 6409 - BranchCache: A service connection point object could not be parsed. EventID 641 - Security Enabled Global Group Changed [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 641 - Security Enabled Global Group Changed [Win 2000] EventID 641 - Security Enabled Global Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 641 - Security Enabled Global Group Changed [Win 2003] EventID 6410 - Code integrity determined that a file does not meet the security requirements to load into a process. User Activity->System Events->Windows 2008->EventID 6410 - Code integrity determined that a file does not meet the security requirements to load into a process. EventID 6416 - A new external device was recognized by the system. User Activity->System Events->Windows 2008->EventID 6416 - A new external device was recognized by the system. EventID 6417 - The FIPS mode crypto selftests succeeded. User Activity->System Events->Windows 2008->EventID 6417 - The FIPS mode crypto selftests succeeded. EventID 6418 - The FIPS mode crypto selftests failed. User Activity->System Events->Windows 2008->EventID 6418 - The FIPS mode crypto selftests failed. EventID 6419 - A request was made to disable a device. User Activity->System Events->Windows 2008->EventID 6419 - A request was made to disable a device. EventID 642 - User Account Changed [Win 2000] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 642 - User Account Changed [Win 2000] EventID 642 - User Account Changed [Win 2000] - Disabled User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 642 - User Account Changed [Win 2000] - Disabled EventID 642 - User Account Changed [Win 2000] - Enabled User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 642 - User Account Changed [Win 2000] - Enabled EventID 642 - User Account Changed [Win 2003] User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 642 - User Account Changed [Win 2003] EventID 6420 - A device was disabled. User Activity->System Events->Windows 2008->EventID 6420 - A device was disabled. EventID 6421 - A request was made to enable a device. User Activity->System Events->Windows 2008->EventID 6421 - A request was made to enable a device. EventID 6422 - A device was enabled. User Activity->System Events->Windows 2008->EventID 6422 - A device was enabled. EventID 6423 - The installation of this device is forbidden by system policy. User Activity->System Events->Windows 2008->EventID 6423 - The installation of this device is forbidden by system policy. EventID 6424 - The installation of this device was allowed, after having previously been forbidden by policy. User Activity->System Events->Windows 2008->EventID 6424 - The installation of this device was allowed, after having previously been forbidden by policy. EventID 643 - Domain Policy Changed [Win 2000] User Activity->Policy Changes->Windows 2000-2003->EventID 643 - Domain Policy Changed [Win 2000] EventID 643 - Domain Policy Changed [Win 2003] User Activity->Policy Changes->Windows 2000-2003->EventID 643 - Domain Policy Changed [Win 2003] EventID 644 - User Account Locked Out User Activity->Account Management->Account Lockouts/Unlocks->Windows 2000-2003->EventID 644 - User Account Locked Out EventID 645 - Computer Account Created [Win 2000] User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2000-2003->EventID 645 - Computer Account Created [Win 2000] EventID 645 - Computer Account Created [Win 2003] User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2000-2003->EventID 645 - Computer Account Created [Win 2003] EventID 646 - Computer Account Changed [Win 2000] User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2000-2003->EventID 646 - Computer Account Changed [Win 2000] EventID 646 - Computer Account Changed [Win 2003] User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2000-2003->EventID 646 - Computer Account Changed [Win 2003] EventID 647 - Computer Account Deleted [Win 2000 / 2003] User Activity->Account Management->Account Changes->Computer Account Changes->Windows 2000-2003->EventID 647 - Computer Account Deleted [Win 2000 / 2003] EventID 648 - Security Disabled Local Group Created [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 648 - Security Disabled Local Group Created [Win 2000] EventID 648 - Security Disabled Local Group Created [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 648 - Security Disabled Local Group Created [Win 2003] EventID 649 - Security Disabled Local Group Changed [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 649 - Security Disabled Local Group Changed [Win 2000] EventID 649 - Security Disabled Local Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 649 - Security Disabled Local Group Changed [Win 2003] EventID 650 - Security Disabled Local Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 650 - Security Disabled Local Group Member Added EventID 651 - Security Disabled Local Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 651 - Security Disabled Local Group Member Removed EventID 652 - Security Disabled Local Group Deleted User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 652 - Security Disabled Local Group Deleted EventID 653 - Security Disabled Global Group Created [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 653 - Security Disabled Global Group Created [Win 2000] EventID 653 - Security Disabled Global Group Created [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 653 - Security Disabled Global Group Created [Win 2003] EventID 654 - Security Disabled Global Group Changed [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 654 - Security Disabled Global Group Changed [Win 2000] EventID 654 - Security Disabled Global Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 654 - Security Disabled Global Group Changed [Win 2003] EventID 655 - Security Disabled Global Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 655 - Security Disabled Global Group Member Added EventID 656 - Security Disabled Global Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 656 - Security Disabled Global Group Member Removed EventID 657 - Security Disabled Global Group Deleted User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 657 - Security Disabled Global Group Deleted EventID 658 - Security Enabled Universal Group Created User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 658 - Security Enabled Universal Group Created EventID 659 - Security Enabled Universal Group Changed [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 659 - Security Enabled Universal Group Changed [Win 2000] EventID 659 - Security Enabled Universal Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 659 - Security Enabled Universal Group Changed [Win 2003] EventID 660 - Security Enabled Universal Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 660 - Security Enabled Universal Group Member Added EventID 661 - Security Enabled Universal Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 661 - Security Enabled Universal Group Member Removed EventID 662 - Security Enabled Universal Group Deleted User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 662 - Security Enabled Universal Group Deleted EventID 663 - Security Disabled Universal Group Created [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 663 - Security Disabled Universal Group Created [Win 2000] EventID 663 - Security Disabled Universal Group Created [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 663 - Security Disabled Universal Group Created [Win 2003] EventID 664 - Security Disabled Universal Group Changed [Win 2000] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 664 - Security Disabled Universal Group Changed [Win 2000] EventID 664 - Security Disabled Universal Group Changed [Win 2003] User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 664 - Security Disabled Universal Group Changed [Win 2003] EventID 665 - Security Disabled Universal Group Member Added User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 665 - Security Disabled Universal Group Member Added EventID 666 - Security Disabled Universal Group Member Removed User Activity->Account Management->Group Membership Changes->Windows 2000-2003->EventID 666 - Security Disabled Universal Group Member Removed EventID 667 - Security Disabled Universal Group Deleted User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 667 - Security Disabled Universal Group Deleted EventID 668 - Group Type Changed User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 668 - Group Type Changed EventID 671 - User Account Unlocked User Activity->Account Management->Account Lockouts/Unlocks->Windows 2000-2003->EventID 671 - User Account Unlocked EventID 672 - Authentication Ticket Granted [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 672 - Authentication Ticket Granted [Win 2000] EventID 672 - Authentication Ticket Request [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 672 - Authentication Ticket Request [Win 2003] EventID 672 - Authentication Ticket Request [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 672 - Authentication Ticket Request [Win 2003] EventID 673 - Service Ticket Granted [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 673 - Service Ticket Granted [Win 2000] EventID 673 - Service Ticket Request [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 673 - Service Ticket Request [Win 2003] EventID 673 - Service Ticket Request [Win 2003] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 673 - Service Ticket Request [Win 2003] EventID 674 - Service Ticket Renewed [Win 2003] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 674 - Service Ticket Renewed [Win 2003] EventID 674 - Ticket Granted Renewed [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 674 - Ticket Granted Renewed [Win 2000] EventID 675 - Pre-authentication failed User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 675 - Pre-authentication failed EventID 676 - Authentication Ticket Request Failed [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 676 - Authentication Ticket Request Failed [Win 2000] EventID 677 - Service Ticket Request Failed [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 677 - Service Ticket Request Failed [Win 2000] EventID 678 - Account Mapped for Logon User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 678 - Account Mapped for Logon EventID 679 - Account could not be mapped for logon User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 679 - Account could not be mapped for logon EventID 680 - Account Used for Logon by: %1 [Win 2000] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 680 - Account Used for Logon by: %1 [Win 2000] EventID 680 - Logon attempt by: %1 [Win 2003 / XP] User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 680 - Logon attempt by: %1 [Win 2003 / XP] EventID 680 - Logon attempt by: %1 [Win 2003 / XP] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 680 - Logon attempt by: %1 [Win 2003 / XP] EventID 681 - The logon to account: %2 by: %1 from workstation: %3 failed [Win 2000] User Activity->Logons->Failed Logons->Windows 2000-2003->EventID 681 - The logon to account: %2 by: %1 from workstation: %3 failed [Win 2000] EventID 682 - Session reconnected to winstation User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 682 - Session reconnected to winstation EventID 683 - Session disconnected from winstation User Activity->Logons->Successful Logons->Windows 2000-2003->EventID 683 - Session disconnected from winstation EventID 685 - Account Name Changed User Activity->Account Management->Account Changes->User Account Changes->Windows 2000-2003->EventID 685 - Account Name Changed EventID 808 - A security event source has attempted to register [Win 2003 / XP] User Activity->System Events->Windows 2000-2003->EventID 808 - A security event source has attempted to register [Win 2003 / XP] EventID 809 - A security event source has attempted to unregister [Win 2003 / XP] User Activity->System Events->Windows 2000-2003->EventID 809 - A security event source has attempted to unregister [Win 2003 / XP] EventID 848 - The following policy was active when the Windows Firewall started [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 848 - The following policy was active when the Windows Firewall started [Win 2003 / XP] EventID 849 - An application was listed as an exception when the Windows Firewall started [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 849 - An application was listed as an exception when the Windows Firewall started [Win 2003 / XP] EventID 850 - A port was listed as an exception when the Windows Firewall started [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 850 - A port was listed as an exception when the Windows Firewall started [Win 2003 / XP] EventID 851 - A change has been made to the Windows Firewall application exception list [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 851 - A change has been made to the Windows Firewall application exception list [Win 2003 / XP] EventID 852 - A change has been made to the Windows Firewall port exception list [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 852 - A change has been made to the Windows Firewall port exception list [Win 2003 / XP] EventID 853 - The Windows Firewall operational mode has changed [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 853 - The Windows Firewall operational mode has changed [Win 2003 / XP] EventID 854 - The Windows Firewall logging settings have changed [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 854 - The Windows Firewall logging settings have changed [Win 2003 / XP] EventID 855 - A Windows Firewall ICMP setting has changed [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 855 - A Windows Firewall ICMP setting has changed [Win 2003 / XP] EventID 861 - The Windows Firewall has detected an application listening for incoming traffic [Win 2003 / XP] User Activity->Network and Firewall Tracking->Windows Firewall->Windows 2000-2003->EventID 861 - The Windows Firewall has detected an application listening for incoming traffic [Win 2003 / XP]