|
DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
|
Caller User Name
|
Account initiating action
|
InsertionString4
|
Alebovsky
|
|
Caller Domain
|
Domain of the account initiating action
|
InsertionString5
|
RESEARCH
|
|
Caller Logon ID
|
A number uniquely identifying the logon session of the user initiating action. This number can be used to correlate all user actions within one logon session.
|
InsertionString6
|
(0x0,0x59DF36)
|
|
Domain Policy Changed
|
The name of the affected policy
|
InsertionString1
|
|
|
Domain Name
|
The name of the domain whose policy has been changed
|
InsertionString2
|
RESEARCH
|
|
Domain ID
|
The SID of the domain whose policy has been changed. In the event message it is normally resolved to the Domain Name.
|
InsertionString3
|
%{S-1-5-21-184992632-1607737289-1287950321}
|
|
Privileges
|
Contains the list of privileges. The purpose of this field is unknown. In most cases it is empty.
|
InsertionString7
|
-
|
|
Min. Password Age
|
The minimum amount of time that a password is valid.
|
InsertionString8
|
-
|
|
Max. Password Age
|
The maximum amount of time a password is valid. This value is stored as a large integer that represents the number of 100 nanosecond intervals from the time the password was set before the password expires.
|
InsertionString9
|
-
|
|
Force Logoff
|
Used in computing the kick off time. Logoff time minus Force Log off equals kick off time.
|
InsertionString10
|
-
|
|
Lockout Threshold
|
The number of invalid logon attempts that are permitted before the account is locked out.
|
InsertionString11
|
-
|
|
Lockout Observation Window
|
The window of time in which the system increments the count of invalig logon attempts allowed in "Lockout Threshold".
|
InsertionString12
|
-
|
|
Lockout Duration
|
The amount of time that an account is locked due to the "Lockout Threshold" being exceeded.
|
InsertionString13
|
-
|
|
Password Properties
|
A bit field to indicate password complexity / storage restrictions.
|
InsertionString14
|
16
|
|
Min. Password Length
|
The minimum number of characters that a password must contain.
|
InsertionString15
|
-
|
|
Password History Length
|
The number of old passwords to save.
|
InsertionString16
|
1
|
|
Machine Account Quota
|
The number of computer accounts that a user is allowed to create in a domain.
|
InsertionString17
|
-
|
|
Mixed Domain Mode
|
Indicates that the domain is in native mode or mixed mode.
|
InsertionString18
|
-
|
|
Domain Behavior Version
|
This attribute is used to track the domain or forest behavior version. It is a monotonically increasing number that is used to enable certain Active Directory features.
|
InsertionString19
|
-
|
|
OEM Information
|
For holding OEM information. No longer used. Here for backward compatibility.
|
InsertionString20
|
-
|