Saturday, November 2, 2019

Windows Event Log - Application Group Management

To audit Application Group Management in Windows system enable auditing for following event ids.
Event IdDescription
4783A basic application group was created.
4784A basic application group was changed.
4785A member was added to a basic application group.
4786A member was removed from a basic application group.
4787A non-member was added to a basic application group.
4788A non-member was removed from a basic application group.
4789A basic application group was deleted.
4790An LDAP query group was created.
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)