DateTime | Date/Time of event origination in GMT format. | DateTime | 10.10.2000 19:00:00
Source | Name of an Application or System Service originating the event. | Source | Security
Type | Warning, Information, Error, Success, Failure, etc. | Type | Success
User | Domain\Account name of user/service/computer initiating event. | User | RESEARCH\Alebovsky
Computer | Name of server/workstation where event was logged. | Computer | DC1
EventID | Numerical ID of event. Unique within one Event Source. | EventId | 576
Description | The entire unparsed event message. | Description | Special privileges assigned to new logon.
Log Name | The name of the event log (e.g. Application, Security, System, etc.) | LogName | Security
Category | A name for a subclass of events within the same Event Source. | Category | Logon/Logoff
Caller User Name | Account initiating action | InsertionString4 | Alebovsky
Caller Domain | Domain of the account initiating action | InsertionString5 | RESEARCH
Caller Logon ID | A number uniquely identifying the logon session of the user initiating action. This number can be used to correlate all user actions within one logon session. | InsertionString6 | (0x0,0x59DF36)
New Account Name | Name of the newly created computer account | InsertionString1 | Editor$
New Domain | Domain name of the newly created account | InsertionString2 | RESEARCH
New Account ID | Name of the newly created account in the following format: New Account Domain\New Account Name | InsertionString3 | RESEARCH\Editor$
Sam Account Name | The logon name used to support clients and servers running older versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. | InsertionString8 | Editor$
Display Name | This is usually the combination of the user's first name, middle initial, and last name. | InsertionString9 | <value not set>
User Principal Name | User name in an e-mail address format. The username is followed by the "@" followed by the name of the domain with which the user is associated. | InsertionString10 | -
Home Directory | The home directory for the account. If Home Drive is set and specifies a drive letter, Home Directory must be a UNC path. Otherwise, Home Directory is a fully qualified local path including the drive letter (e.g. "c:\directory\folder"). | InsertionString11 | <value not set>
Home Drive | Specifies the drive letter to which to map the UNC path specified by Home Directory. | InsertionString12 | <value not set>
Script Path | The path for the user's logon script. | InsertionString13 | <value not set>
Profile Path | The path to the user's profile. | InsertionString14 | <value not set>
User Workstations | Contains the NetBIOS or DNS names of the computers from which the user can log on. | InsertionString15 | <value not set>
Password Last Set | The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). | InsertionString16 | <never>
Account Expires | The date when the account expires. This value represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). | InsertionString17 | <never>
Primary Group ID | Contains the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. | InsertionString18 | 515
AllowedToDelegateTo | Contains the list of Service Principal Names (SPN) to which this user (normally service or computer account) can forward credentials on behalf of the client. | InsertionString19 | -
Old UAC Value | Bitwise representation of User Account Control Options check list (old value) | InsertionString20 | 0x0
New UAC Value | Bitwise representation of User Account Control Options check list (new value) | InsertionString21 | 0x85
User Account Control | Descriptions of set flags that control the behavior of the user account. | InsertionString22 | Account Disabled 'Password Not Required' - Enabled 'Workstation Trust Account' - Enabled
User Parameters | Used to store user data specific to the individual program. | InsertionString23 | <value changed, but not displayed>
Sid History | Contains previous SIDs used for the object if the object was moved from another domain. | InsertionString24 | -
Logon Hours | The hours that the user is allowed to log on to the domain. | InsertionString25 | <value not set>
DNS Host Name | Name of computer as registered in DNS. | InsertionString26 | -
Service Principal Names | List of principal names used for mutual authentication with an instance of a service on this machine. | InsertionString27 | -
Privileges | Contains the list of privileges. The purpose of this field is unknown. In most cases it is empty. | InsertionString7 | -
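The following Python sketch is an added example, not part of the original reference. It maps the InsertionString positions listed above to field names, decodes the Old/New UAC values into flag names, and turns the Caller Logon ID into a single correlation key. The bit values are assumed to be the SAM USER_ACCOUNT_CONTROL constants from MS-SAMR, and the `REVIEW_FLAGS` policy, function names and sample list are hypothetical.

```python
# Added example, not from the original page. Flag bits are the SAM
# USER_ACCOUNT_CONTROL values from MS-SAMR (assumed to be what the event reports).
FIELDS = {  # InsertionString position -> field name, as listed on this page
    1: "New Account Name", 2: "New Domain", 3: "New Account ID",
    4: "Caller User Name", 5: "Caller Domain", 6: "Caller Logon ID",
    18: "Primary Group ID", 19: "AllowedToDelegateTo", 20: "Old UAC Value",
    21: "New UAC Value", 24: "Sid History", 27: "Service Principal Names",
}
UAC_FLAGS = {
    0x0001: "Account Disabled", 0x0004: "Password Not Required",
    0x0010: "Normal Account", 0x0040: "Interdomain Trust Account",
    0x0080: "Workstation Trust Account", 0x0100: "Server Trust Account",
    0x0200: "Don't Expire Password", 0x2000: "Trusted For Delegation",
    0x10000: "Don't Require Preauth",
}
# Hypothetical review policy: flags an analyst may want to confirm on a new account.
REVIEW_FLAGS = {"Password Not Required", "Trusted For Delegation", "Don't Require Preauth"}

def decode_uac(value):
    """Return the names of the known flags set in a UAC bitmask, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def parse_logon_id(text):
    """Turn '(0x0,0x59DF36)' into one 64-bit integer usable as a join key."""
    high, low = (int(part, 16) for part in text.strip("()").split(","))
    return (high << 32) | low

def parse_event(strings):
    """strings[0] is InsertionString1; returns named fields plus decoded values."""
    ev = {name: strings[pos - 1] for pos, name in FIELDS.items()}
    old, new = int(ev["Old UAC Value"], 16), int(ev["New UAC Value"], 16)
    ev["Flags Enabled"] = decode_uac(new & ~old)    # bits turned on by this event
    ev["Flags Disabled"] = decode_uac(old & ~new)   # bits turned off by this event
    ev["Session Key"] = parse_logon_id(ev["Caller Logon ID"])
    ev["Review"] = [f for f in ev["Flags Enabled"] if f in REVIEW_FLAGS]
    if ev["AllowedToDelegateTo"] != "-" or ev["Sid History"] != "-":
        ev["Review"].append("Delegation target or SID history set at creation")
    return ev

# Constructed input: the sample values from the table above, positions 1..27.
UAC_TEXT = "Account Disabled 'Password Not Required' - Enabled 'Workstation Trust Account' - Enabled"
SAMPLE = (
    ["Editor$", "RESEARCH", "RESEARCH\\Editor$", "Alebovsky", "RESEARCH",
     "(0x0,0x59DF36)", "-", "Editor$", "<value not set>", "-"]
    + ["<value not set>"] * 5
    + ["<never>", "<never>", "515", "-", "0x0", "0x85", UAC_TEXT,
       "<value changed, but not displayed>", "-", "<value not set>", "-", "-"]
)
```

Decoding 0x85 this way reproduces the three flags shown in the User Account Control sample text, and the Session Key can be used to join this record with other events from the same caller logon session.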