EventID 848 - The following policy was active when the Windows Firewall started [Win 2003 / XP]

This event logs the Windows Firewall policy settings in effect at the time of startup, which is usually when the Windows system boots up.

Note:
You can get details on Windows Firewall configuration on Microsoft's site in this article.

Find more information about this event on ultimatewindowssecurity.com.

Corresponding events on other OS versions:
Windows 2008
 Sample:
Event Type:     Success Audit
Event Source:   Security
Event Category: Policy Change
Event ID:       848
Date:           12/16/2009
Time:           06:50:28
User:           NT AUTHORITY\SYSTEM
Computer:       DC1
Description:    
The following policy was active when the Windows Firewall started.

Group Policy applied: No
Profile used: Standard
Interface: All interfaces
Operational mode: Off
Services:
     File and Printer Sharing: Disabled
     Remote Desktop: Disabled
     UPnP Framework: Disabled
Allow remote administration: Disabled
Allow unicast responses to multicast/broadcast traffic: Disabled
Security Logging:
     Log dropped packets: Disabled
     Log successful connections Disabled
ICMP:
     Allow incoming echo request: Disabled
     Allow incoming timestamp request: Disabled
     Allow incoming mask request: Disabled
     Allow incoming router request: Disabled
     Allow outgoing destination unreachable: Disabled
     Allow outgoing source quench: Disabled
     Allow outgoing parameter problem: Disabled
     Allow outgoing time exceeded: Disabled
     Allow redirect: Disabled
     Allow outgoing packet too big: Disabled
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
| Filtering Field | Equals to Value |
| --- | --- |
| OSVersion | Windows 2003, Windows XP |
| Category | Policy Change |
| Source | Security |
| EventId | 848 |
Field Matching

| Field | Description | Stored in | Sample Value |
| --- | --- | --- | --- |
| DateTime | Date/Time of event origination in GMT format. | DateTime | 10.10.2000 19:00:00 |
| Source | Name of an Application or System Service originating the event. | Source | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Type | Success |
| User | Domain\Account name of user/service/computer initiating event. | User | RESEARCH\Alebovsky |
| Computer | Name of server workstation where event was logged. | Computer | DC1 |
| EventID | Numerical ID of event. Unique within one Event Source. | EventId | 576 |
| Description | The entire unparsed event message. | Description | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.) | LogName | Security |
| Category | A name for a subclass of events within the same Event Source. | Category | Logon/Logoff |
| Group Policy applied | Indicates whether Windows Firewall was getting its settings from Group Policy or the system's local policy. | InsertionString1 | No |
| Profile used | Standard or Domain. The Domain profile is applied when the computer is on its "home" network; the Standard profile is applied when the computer is not connected to its "home" network, e.g. when travelling and connected to the public internet via Wi-Fi. | InsertionString2 | Standard |
| Interface | Displays the network interface cards the firewall is configured for. | InsertionString3 | All interfaces |
| Operational mode | Shows whether Windows Firewall was enabled or not. | InsertionString4 | Off |
| File and Printer Sharing | | InsertionString5 | Disabled |
| Remote Desktop | | InsertionString6 | Disabled |
| UPnP Framework | | InsertionString7 | Disabled |
| Allow remote administration | | InsertionString8 | Disabled |
| Allow unicast responses to multicast/broadcast traffic | | InsertionString9 | Disabled |
| Log dropped packets | | InsertionString10 | Disabled |
| Allow incoming echo request | | InsertionString14 | Disabled |
| Allow incoming timestamp request | | InsertionString19 | Disabled |
| Allow incoming mask request | | InsertionString20 | Disabled |
| Allow incoming router request | | InsertionString18 | Disabled |
| Allow outgoing destination unreachable | | InsertionString12 | Disabled |
| Allow outgoing source quench | | InsertionString17 | Disabled |
| Allow outgoing parameter problem | | InsertionString16 | Disabled |
| Allow outgoing time exceeded | | InsertionString15 | Disabled |
| Allow redirect | | InsertionString13 | Disabled |
| Allow outgoing packet too big | | InsertionString21 | Disabled |
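
The following Python is an added example, not code from this page or from Microsoft: it parses the Description text of event 848 into named settings and lists the ones a reviewer would check first. The names parse_848 and review_848 are hypothetical, the value "Enabled" is assumed as the counterpart of "Disabled", and which settings count as findings is this example's assumption.

```python
# Abridged copy of the Description text from the sample event on this page.
SAMPLE_848 = """\
The following policy was active when the Windows Firewall started.

Group Policy applied: No
Profile used: Standard
Interface: All interfaces
Operational mode: Off
Services:
     File and Printer Sharing: Disabled
     Remote Desktop: Disabled
     UPnP Framework: Disabled
Allow remote administration: Disabled
Security Logging:
     Log dropped packets: Disabled
     Log successful connections Disabled
ICMP:
     Allow incoming echo request: Disabled
"""

def parse_848(description):
    """Return {setting: value}; indented settings are keyed 'Section/setting'."""
    settings, section = {}, None
    for raw in description.splitlines():
        line, indented = raw.strip(), raw[:1].isspace()
        if line.endswith(":"):            # section header such as "Services:"
            section = line[:-1]
            continue
        if ":" in line:
            key, value = (part.strip() for part in line.rsplit(":", 1))
        elif indented and " " in line:    # "Log successful connections Disabled"
            key, _, value = line.rpartition(" ")
        else:
            continue                      # blank line or the leading sentence
        if not indented:
            section = None                # an unindented setting closes the section
        settings[f"{section}/{key}" if section else key] = value
    return settings

def review_848(settings):
    """Findings for triage; what counts as a finding is this example's assumption."""
    findings = []
    if settings.get("Operational mode") == "Off":
        findings.append("firewall was off at startup")
    if settings.get("Group Policy applied") == "No":
        findings.append("settings came from local policy, not Group Policy")
    findings += [f"exception enabled: {k}" for k, v in settings.items() if v == "Enabled"
                 and (k.startswith("Services/") or k == "Allow remote administration")]
    return findings
```

The parser reads the indented line without a colon ("Log successful connections Disabled") as a setting instead of dropping it, so the sample on this page parses completely.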