Event-o-Pedia EventID 4764 - A group's type was changed.

	Event Details
	User Activity->Account Management->Account Changes->Group Account Changes->Windows 2008->EventID 4764 - A group's type was changed.

EventID 4764 - A group's type was changed.

Linked Event:

EventID 4764 - A group's type was changed.

Sample:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/28/2009 8:29:34 PM
Event ID:      4764
Task Category: Security Group Management
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      dcc1.Logistics.corp
Description:   
A group's type was changed.

Subject:
	Security ID:		S-1-5-21-1135140816-2109348461-2107143693-500
	Account Name:		ALebovsky
	Account Domain:		LOGISTICS
	Logon ID:		0x2a88a

Change Type:			Security Enabled Local Group Changed to Security Enabled Universal Group.

Group:
	Security ID:		S-1-5-21-1135140816-2109348461-2107143693-1146
	Group Name:		Setup Operators
	Group Domain:		LOGISTICS

Additional Information:
	Privileges:		-

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

Security

Filtering Field	Equals to Value
OSVersion	Windows Vista (2008) Windows 7 (2008 R2) Windows 8 (2012) Windows 8.1 (2012 R2) Windows 10 (2016)
Category	Account Management
Source	Microsoft-Windows-Security-Auditing
TaskCategory	Security Group Management
EventId	4764

Field Matching

Field	Description	Stored in	Sample Value
When	At what date and time a user activity originated in the system.	DateTime	10.10.2000 19:00:00
Who	Account or user name under which the activity occured.	Subject: Account Name	ALebovsky
What	The type of activity occurred (e.g. Logon, Password Changed, etc.)	"Group Type and/or Scope Changed"	Group Type and/or Scope Changed
Where	The name of the workstation/server where the activity was logged.	Computer	DC1
Where From	The name of the workstation/server where the activity was initiated from.	-	10.10.10.10
Severity	Specify the seriousness of the event.	"High"	High
WhoDomain		Subject: Account Domain	LOGISTICS
WhereDomain		-
Whom	Account or user name being managed.	Group: Security ID	S-1-5-21-1135140816-2109348461-2107143693-1146
Group Type	Type of group: security or distribution.	-
Group Scope	Scope of group: local, global, universal.	-
Group Name		Group: Group Name	Setup Operators
Group Domain		Group: Group Domain	LOGISTICS
Affected Group		InsertionString4	S-1-5-21-1135140816-2109348461-2107143693-1146
Details	The old and new values of the group type and scope.	Change Type	Security Enabled Local Group Changed to Security Enabled Universal Group.