Event Details
User Activity->Account Management->Account Changes->Group Account Changes->Windows 2000-2003->EventID 634 - Security Enabled Global Group Deleted [Win 2000 / 2003]
EventID 634 - Security Enabled Global Group Deleted [Win 2000 / 2003]
 Sample: 
Event Type:     SuccessAudit
Event Source:   Security
Event Category: Account Management
Event ID:       634
Date:           10/26/2009 12:00:00 AM
Time:           07:41:24
User:           RESEARCH\ALebovsky
Computer:       DC1
Description:    
Security Enabled Global Group Deleted:

	Target Account Name:	Employees_dead

	Target Domain:	RESEARCH

	Target Account ID:	{S-1-5-21-184992632-1607737289-1287950321-1183}

	Caller User Name:	Alebovsky

	Caller Domain:	RESEARCH

	Caller Logon ID:	(0x0,0x59DF36)

	Privileges:	-
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows 2000
Windows 2003
Category Account Management
Source Security
EventId 634
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 12/14/2009 6:59:09 AM
Who Account or user name under which the activity occured. Caller User Name Alebovsky
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Group Deleted" Group Deleted
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "High" High
WhoDomain Caller Domain RESEARCH
WhereDomain -
Whom Account or user name being managed. Target Account ID {S-1-5-21-184992632-1607737289-1287950321-1183}
Group Type Type of group: security or distribution. "Security" Security
Group Scope Scope of group: local, global, universal. "Global" Global
Group Name -
Group Domain -
Affected Group -
Comments
You must be logged in to comment