DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
New Policy
|
Displays new values for all policies. Plus - enabled, minus - disabled.
|
" Success Failure %3 %4 Logon/Logoff %5 %6 Object Access %7 %8 Privilege Use %13 %14 Account Management %11 %12 Policy Change %1 %2 System %9 %10 Detailed Tracking %15 %16 Directory Service Access %17 %18 Account Logon"
|
Success Failure %3 %4 Logon/Logoff %5 %6 Object Access %7 %8 Privilege Use %13 %14 Account Management %11 %12 Policy Change %1 %2 System %9 %10 Detailed Tracking %15 %16 Directory Service Access %17 %18 Account Logon
|
Changed By: User Name
|
If the change was made locally then reflects the name of the user who made the change, if applied as a result of the Group Policy propagation then reflects the name of the computer where the event is logged
|
InsertionString19
|
ALebovsky
|
Changed By: Domain Name
|
Domain name of the user that made the change
|
InsertionString20
|
RESEARCH
|
Changed By: Logon ID
|
ID of the logon session of the user that made the change. Useful for tracking other user activity during the same logon session.
|
InsertionString21
|
(0x0,0x514A6)
|
New Policy: Success Logon/Logoff
|
"+" or "-"
|
InsertionString3
|
+
|
New Policy: Failure Logon/Logoff
|
"+" or "-"
|
InsertionString4
|
+
|
New Policy: Success Object Access
|
"+" or "-"
|
InsertionString5
|
+
|
New Policy: Failure Object Access
|
"+" or "-"
|
InsertionString6
|
+
|
New Policy: Success Privilege Use
|
"+" or "-"
|
InsertionString7
|
+
|
New Policy: Failure Privilege Use
|
"+" or "-"
|
InsertionString8
|
+
|
New Policy: Success Account Management
|
"+" or "-"
|
InsertionString13
|
+
|
New Policy: Failure Account Management
|
"+" or "-"
|
InsertionString14
|
+
|
New Policy: Success Policy Change
|
"+" or "-"
|
InsertionString11
|
+
|
New Policy: Failure Policy Change
|
"+" or "-"
|
InsertionString12
|
+
|
New Policy: Success System
|
"+" or "-"
|
InsertionString1
|
+
|
New Policy: Failure System
|
"+" or "-"
|
InsertionString2
|
+
|
New Policy: Success Detailed Tracking
|
"+" or "-"
|
InsertionString9
|
+
|
New Policy: Failure Detailed Tracking
|
"+" or "-"
|
InsertionString10
|
+
|
New Policy: Success Directory Service Access
|
"+" or "-"
|
InsertionString15
|
+
|
New Policy: Failure Directory Service Access
|
"+" or "-"
|
InsertionString16
|
+
|
New Policy: Success Account Logon
|
"+" or "-"
|
InsertionString17
|
+
|
New Policy: Failure Account Logon
|
"+" or "-"
|
InsertionString18
|
+
|