|
|
;/*++ BUILD Version: 0001 // Increment this if a change has global effects
;;Copyright (c) 1991 Microsoft Corporation;;Module Name:;; msaudite.mc;;Abstract:;; Constant definitions for the NT Audit Event Messages.;;Author:;; Jim Kelly (JimK) 30-Mar-1992;;Revision History:;;Notes:;; The .h and .res forms of this file are generated from the .mc; form of the file (base\seaudit\msaudite\msaudite.mc).; Please make all changes to the .mc form of the file.;; If you add a new audit category or make any change to the ; audit event id valid limits (0x200 ~ 0x5ff), please make a; corresponding change to ntlsa.h;;--*/;;#ifndef _MSAUDITE_;#define _MSAUDITE_;;/*lint -e767 */ // Don't complain about different definitions // winnt
MessageIdTypedef=ULONG
SeverityNames=(None=0x0)
FacilityNames=(None=0x0)
MessageId=0x0000 Language=EnglishUnused message ID.;// Message ID 0 is unused - just used to flush out the diagram
;//
;// min/max limits on audit category-id and event-id of audit events
;//
;;#define SE_ADT_MIN_CATEGORY_ID 1 // SE_CATEGID_SYSTEM
;#define SE_ADT_MAX_CATEGORY_ID 9 // SE_CATEGID_ACCOUNT_LOGON
;;;#define SE_ADT_MIN_AUDIT_ID 0x200 // see msaudite.h
;#define SE_ADT_MAX_AUDIT_ID 0x5ff // see msaudite.h
;///////////////////////////////////////////////////////////////////////////
;///////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Audit Message ID Space: //
;// //
;// 0x0000 - 0x00FF : Reserved for future use. //
;// //
;// 0x0100 - 0x01FF : Categories //
;// //
;// 0x0200 - 0x05FF : Events //
;// //
;// 0x0600 - 0x063F : Standard access types and names for //
;// specific accesses when no specific names //
;// can be found. //
;// //
;// 0x0640 - 0x06FF : Well known privilege names (as we would //
;// like them displayed in the event viewer). //
;// //
;// 0x0700 - 0x0FFE : Reserved for future use. //
;// //
;// 0X0FFF : SE_ADT_LAST_SYSTEM_MESSAGE (the highest //
;// value audit message used by the system) //
;// //
;// //
;// 0x1000 and above: For use by Parameter Message Files //
;// //
;///////////////////////////////////////////////////////////////////////////
;///////////////////////////////////////////////////////////////////////////
MessageId=0x0FFF SymbolicName=SE_ADT_LAST_SYSTEM_MESSAGE Language=EnglishHighest System-Defined Audit Message Value..
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// CATEGORIES //
;// //
;// Categories take up the range 0x1 - 0x400 //
;// //
;// Category IDs: //
;// //
;// SE_CATEGID_SYSTEM //
;// SE_CATEGID_LOGON //
;// SE_CATEGID_OBJECT_ACCESS //
;// SE_CATEGID_PRIVILEGE_USE //
;// SE_CATEGID_DETAILED_TRACKING //
;// SE_CATEGID_POLICY_CHANGE //
;// SE_CATEGID_ACCOUNT_MANAGEMENT //
;// SE_CATEGID_DS_ACCESS //
;// SE_CATEGID_ACCOUNT_LOGON //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
MessageId=0x0001 SymbolicName=SE_CATEGID_SYSTEM Language=EnglishSystem Event.
MessageId=0x0002 SymbolicName=SE_CATEGID_LOGON Language=EnglishLogon/Logoff.
MessageId=0x0003 SymbolicName=SE_CATEGID_OBJECT_ACCESS Language=EnglishObject Access.
MessageId=0x0004 SymbolicName=SE_CATEGID_PRIVILEGE_USE Language=EnglishPrivilege Use.
MessageId=0x0005 SymbolicName=SE_CATEGID_DETAILED_TRACKING Language=EnglishDetailed Tracking.
MessageId=0x0006 SymbolicName=SE_CATEGID_POLICY_CHANGE Language=EnglishPolicy Change.
MessageId=0x0007 SymbolicName=SE_CATEGID_ACCOUNT_MANAGEMENT Language=EnglishAccount Management.MessageId=0x0008 SymbolicName=SE_CATEGID_DS_ACCESS Language=EnglishDirectory Service Access.MessageId=0x0009 SymbolicName=SE_CATEGID_ACCOUNT_LOGON Language=EnglishAccount Logon.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_SYSTEM //
;// //
;// Event IDs: //
;// SE_AUDITID_SYSTEM_RESTART //
;// SE_AUDITID_SYSTEM_SHUTDOWN //
;// SE_AUDITID_AUTH_PACKAGE_LOAD //
;// SE_AUDITID_LOGON_PROC_REGISTER //
;// SE_AUDITID_AUDITS_DISCARDED //
;// SE_AUDITID_NOTIFY_PACKAGE_LOAD //
;// SE_AUDITID_LPC_INVALID_USE //
;// SE_AUDITID_SYSTEM_TIME_CHANGE //
;// SE_AUDITID_UNABLE_TO_LOG_EVENTS //
;// SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_SYSTEM_RESTART
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings - None
;//
;//
;//
MessageId=0x0200 SymbolicName=SE_AUDITID_SYSTEM_RESTART Language=EnglishWindows is starting up..
;//
;//
;// SE_AUDITID_SYSTEM_SHUTDOWN
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings - None
;//
;//
;//
MessageId=0x0201 SymbolicName=SE_AUDITID_SYSTEM_SHUTDOWN Language=EnglishWindows is shutting down.All logon sessions will be terminated by this shutdown..
;//
;//
;// SE_AUDITID_SYSTEM_AUTH_PACKAGE_LOAD
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Authentication Package Name
;//
;//
;//
MessageId=0x0202 SymbolicName=SE_AUDITID_AUTH_PACKAGE_LOAD Language=EnglishAn authentication package has been loaded by the Local Security Authority.This authentication package will be used to authenticate logon attempts.%nAuthentication Package Name:%t%1.
;//
;//
;// SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Logon Process Name
;//
;//
;//
MessageId=0x0203 SymbolicName=SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER Language=EnglishA trusted logon process has registered with the Local Security Authority.This logon process will be trusted to submit logon requests.%n%nLogon Process Name:%t%1.
;//
;//
;// SE_AUDITID_AUDITS_DISCARDED
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Number of audits discarded
;//
;//
;//
MessageId=0x0204 SymbolicName=SE_AUDITID_AUDITS_DISCARDED Language=EnglishInternal resources allocated for the queuing of audit messages have been exhausted,leading to the loss of some audits.%n%tNumber of audit messages discarded:%t%1.
;//
;//
;// SE_AUDITID_AUDIT_LOG_CLEARED
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Primary user account name
;//
;// 2 - Primary authenticating domain name
;//
;// 3 - Primary logon ID string
;//
;// 4 - Client user account name ("-" if no client)
;//
;// 5 - Client authenticating domain name ("-" if no client)
;//
;// 6 - Client logon ID string ("-" if no client)
;//
;//
;//
MessageId=0x0205 SymbolicName=SE_AUDITID_AUDIT_LOG_CLEARED Language=EnglishThe audit log was cleared%n%tPrimary User Name:%t%1%n%tPrimary Domain:%t%2%n%tPrimary Logon ID:%t%3%n%tClient User Name:%t%4%n%tClient Domain:%t%5%n%tClient Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_SYSTEM_NOTIFY_PACKAGE_LOAD
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Notification Package Name
;//
;//
;//
MessageId=0x0206 SymbolicName=SE_AUDITID_NOTIFY_PACKAGE_LOAD Language=EnglishAn notification package has been loaded by the Security Account Manager.This package will be notified of any account or password changes.%nNotification Package Name:%t%1.
;//
;//
;// SE_AUDITID_LPC_INVALID_USE
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - LPC call (e.g. "impersonation" | "reply")
;//
;// 2 - Server Port name
;//
;// 3 - Faulting process
;//
;// Event type: success
;//
;// Description:
;// SE_AUDIT_LPC_INVALID_USE is generated when a process uses an invalid LPC
;// port in an attempt to impersonate a client, reply or read/write from/to a client address space.
;//
MessageId=0x0207 SymbolicName=SE_AUDITID_LPC_INVALID_USE Language=EnglishInvalid use of LPC port.%n%tProcess ID: %1%n%tImage File Name: %2%n%tPrimary User Name:%t%3%n%tPrimary Domain:%t%4%n%tPrimary Logon ID:%t%5%n%tClient User Name:%t%6%n%tClient Domain:%t%7%n%tClient Logon ID:%t%8%n%tInvalid use: %9%n%tServer Port Name:%t%10%n.
;//
;//
;// SE_AUDITID_SYSTEM_TIME_CHANGE
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// Type: success
;//
;// Description: This event is generated when the system time is changed.
;//
;// Note: This will often appear twice in the audit log; this is an implementation
;// detail wherein changing the system time results in two calls to NtSetSystemTime.
;// This is necessary to deal with time zone changes.
;//
;//
MessageId=0x0208 SymbolicName=SE_AUDITID_SYSTEM_TIME_CHANGE Language=EnglishThe system time was changed.%nProcess ID:%t%t%1%nProcess Name:%t%t%2%nPrimary User Name:%t%3%nPrimary Domain:%t%t%4%nPrimary Logon ID:%t%t%5%nClient User Name:%t%t%6%nClient Domain:%t%t%7%nClient Logon ID:%t%t%8%nPrevious Time:%t%t%10 %9%nNew Time:%t%t%12 %11%n.
;//
;//
;// SE_AUDITID_UNABLE_TO_LOG_EVENTS
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: failure
;//
;// Description:
;// This event is generated when the system is not able to log
;// security audit events.
;//
;// Parameters:
;// 1 : Win32 error code
;//
;// 2 : value of the key System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
;// 0 --> CrashOnAuditFail is not set
;// 1 --> system will crash if not able to log audit events
;// 2 --> system has rebooted after such a crash and will allow
;// only admins to logon
;//
;//
MessageId=0x0209 SymbolicName=SE_AUDITID_UNABLE_TO_LOG_EVENTS Language=EnglishUnable to log events to security log:%n%tStatus code:%t%t%1%n%tValue of CrashOnAuditFail:%t%2%n.
;//
;//
;// SE_AUDITID_AUDIT_COLLECTION_AGENT_ERROR
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: failure
;//
;// Description:
;// This event is generated when AdtAgent/AdtServer
;// encounter an error.
;//
;// Parameters:
;// 1 : Component (AdtAgent, AdtServer, etc.)
;// 2 : Version of the component
;// 3 : Win32 error
;//
MessageId=0x020A SymbolicName=SE_AUDITID_AUDIT_COLLECTION_AGENT_ERROR Language=EnglishThe audit collection system has encountered an error.%n%tComponent:%t%1%n%tVersion:%t%2%n%tStatus code:%t%3%n.
;//
;//
;// SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Percent Full
;//
;// Description: This event is generated when security logs exceedes a certain
;// percent full. That percent is controlled by the registry value named
;// "WarningLevel" which is stored in the security subkey of the eventlog.
;//
;//
MessageId=0x020b SymbolicName=SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL Language=EnglishThe security log is now %1 percent full..
;//
;//
;// SE_AUDITID_EVENT_LOG_AUTOBACKUP
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: success/failure
;//
;// Description:
;// This event is generated when the eventlog service automatically
;// backs-up the security log.
;//
;// Parameters:
;// 1 : Type of log (for example, 'Security')
;// 2 : Full path to the backed-up copy
;// 3 : Win32 error (0 ==> success)
;//
MessageId=0x20c SymbolicName=SE_AUDITID_EVENT_LOG_AUTOBACKUP Language=EnglishEvent log auto-backup%n%tLog:%t%1%n%tFile:%t%2%n%tStatus:%t%3%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_LOGON //
;// //
;// Event IDs: //
;// SE_AUDITID_SUCCESSFUL_LOGON //
;// SE_AUDITID_UNKNOWN_USER_OR_PWD //
;// SE_AUDITID_ACCOUNT_TIME_RESTR //
;// SE_AUDITID_ACCOUNT_DISABLED //
;// SE_AUDITID_ACCOUNT_EXPIRED //
;// SE_AUDITID_WORKSTATION_RESTR //
;// SE_AUDITID_LOGON_TYPE_RESTR //
;// SE_AUDITID_PASSWORD_EXPIRED //
;// SE_AUDITID_NETLOGON_NOT_STARTED //
;// SE_AUDITID_UNSUCCESSFUL_LOGON //
;// SE_AUDITID_LOGOFF //
;// SE_AUDITID_ACCOUNT_LOCKED //
;// SE_AUDITID_NETWORK_LOGON //
;// SE_AUDITID_IPSEC_LOGON_SUCCESS //
;// SE_AUDITID_IPSEC_LOGOFF_MM //
;// SE_AUDITID_IPSEC_LOGOFF_QM //
;// SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUST //
;// SE_AUDITID_IPSEC_AUTH //
;// SE_AUDITID_IPSEC_ATTRIB_FAIL //
;// SE_AUDITID_IPSEC_NEGOTIATION_FAIL //
;// SE_AUDITID_IPSEC_IKE_NOTIFICATION //
;// SE_AUDITID_DOMAIN_TRUST_INCONSISTENT //
;// SE_AUDITID_AUTH_REPLAY_DETECTED //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_SUCCESSFUL_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Logon Type string
;//
;// 5 - Logon process name
;//
;// 6 - Authentication package name
;//
;// 7 - Workstation from which logon request came
;//
;// 8 - Globally unique logon ID
;//
;//
MessageId=0x0210 SymbolicName=SE_AUDITID_SUCCESSFUL_LOGON Language=EnglishSuccessful Logon:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tLogon Type:%t%4%n%tLogon Process:%t%5%n%tAuthentication Package:%t%6%n%tWorkstation Name:%t%7%n%tLogon GUID:%t%8%n%tCaller User Name:%t%9%n%tCaller Domain:%t%10%n%tCaller Logon ID:%t%11%n%tCaller Process ID: %12%n%tTransited Services: %13%n%tSource Network Address:%t%14%n%tSource Port:%t%15%n.
;//
;//
;// SE_AUDITID_UNKNOWN_USER_OR_PWD
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0211 SymbolicName=SE_AUDITID_UNKNOWN_USER_OR_PWD Language=EnglishLogon Failure:%n%tReason:%t%tUnknown user name or bad password%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_ACCOUNT_TIME_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0212 SymbolicName=SE_AUDITID_ACCOUNT_TIME_RESTR Language=EnglishLogon Failure:%n%tReason:%t%tAccount logon time restriction violation%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_ACCOUNT_DISABLED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0213 SymbolicName=SE_AUDITID_ACCOUNT_DISABLED Language=EnglishLogon Failure:%n%tReason:%t%tAccount currently disabled%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_ACCOUNT_EXPIRED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0214 SymbolicName=SE_AUDITID_ACCOUNT_EXPIRED Language=EnglishLogon Failure:%n%tReason:%t%tThe specified user account has expired%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_WORKSTATION_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0215 SymbolicName=SE_AUDITID_WORKSTATION_RESTR Language=EnglishLogon Failure:%n%tReason:%t%tUser not allowed to logon at this computer%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_LOGON_TYPE_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0216 SymbolicName=SE_AUDITID_LOGON_TYPE_RESTR Language=EnglishLogon Failure:%n%tReason:%tThe user has not been granted the requested%n%t%tlogon type at this machine%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_PASSWORD_EXPIRED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0217 SymbolicName=SE_AUDITID_PASSWORD_EXPIRED Language=EnglishLogon Failure:%n%tReason:%t%tThe specified account's password has expired%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//'
;//
;// SE_AUDITID_NETLOGON_NOT_STARTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0218 SymbolicName=SE_AUDITID_NETLOGON_NOT_STARTED Language=EnglishLogon Failure:%n%tReason:%t%tThe NetLogon component is not active%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID:%t%10%n%tTransited Services:%t%11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_UNSUCCESSFUL_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0219 SymbolicName=SE_AUDITID_UNSUCCESSFUL_LOGON Language=EnglishLogon Failure:%n%tReason:%t%tAn error occurred during logon%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tStatus code:%t%7%n%tSubstatus code:%t%8%n%tCaller User Name:%t%9%n%tCaller Domain:%t%10%n%tCaller Logon ID:%t%11%n%tCaller Process ID:%t%12%n%tTransited Services:%t%13%n%tSource Network Address:%t%14%n%tSource Port:%t%15%n.
;//
;//
;// SE_AUDITID_LOGOFF
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when the logoff process is complete,
;// A logoff is considered complete when the associated logon session object
;// is deleted.
;//
;// Notes:
;// A logon session object is deleted only after all tokens
;// associated with it are closed. This can take arbitrarily long time.
;// Because of this, the time difference between SE_AUDITID_SUCCESSFUL_LOGON
;// and SE_AUDITID_LOGOFF does not accurately indicate the total logon duration
;// for a user. To calculate the logon duration, use the SE_AUDITID_BEGIN_LOGOFF
;// time instead.
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 3 - Logon Type string
;//
;//
;//
MessageId=0x021A SymbolicName=SE_AUDITID_LOGOFF Language=EnglishUser Logoff:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tLogon Type:%t%4%n.
;//
;//
;// SE_AUDITID_ACCOUNT_LOCKED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x021B SymbolicName=SE_AUDITID_ACCOUNT_LOCKED Language=EnglishLogon Failure:%n%tReason:%t%tAccount locked out%n%tUser Name:%t%1%n%tDomain:%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID: %10%n%tTransited Services: %11%n%tSource Network Address:%t%12%n%tSource Port:%t%13%n.
;//
;//
;// SE_AUDITID_NETWORK_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Description:
;// This event represents a successful logon of type Network(2) or
;// NetworkCleartext(8).
;//
;// [kumarp] I do not know why this event was created separately because
;// this was already covered by SE_AUDITID_SUCCESSFUL_LOGON with
;// the right logon types.
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Logon Type string
;//
;// 5 - Logon process name
;//
;// 6 - Authentication package name
;//
;// 7 - Workstation from which logon request came
;//
;// 8 - Globally unique logon ID
;//
MessageId=0x021c SymbolicName=SE_AUDITID_NETWORK_LOGON Language=EnglishSuccessful Network Logon:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tLogon Type:%t%4%n%tLogon Process:%t%5%n%tAuthentication Package:%t%6%n%tWorkstation Name:%t%7%n%tLogon GUID:%t%8%n%tCaller User Name:%t%9%n%tCaller Domain:%t%10%n%tCaller Logon ID:%t%11%n%tCaller Process ID: %12%n%tTransited Services: %13%n%tSource Network Address:%t%14%n%tSource Port:%t%15%n.
;//
;//
;// SE_AUDITID_IPSEC_LOGON_SUCCESS
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Mode
;//
;// 2 - Peer Identity
;//
;// 3 - Filter
;//
;// 4 - Parameters
;//
;//
MessageId=0x021dSymbolicName=SE_AUDITID_IPSEC_LOGON_SUCCESSLanguage=EnglishIKE security association established.%nMode: %n%1%nPeer Identity: %n%2%nFilter: %n%3%nParameters: %n%4%n.
;//
;//
;// SE_AUDITID_IPSEC_LOGOFF_QM
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
;// 2 - Inbound SPI
;//
;// 3 - Outbound SPI
;//
;//
MessageId=0x021eSymbolicName=SE_AUDITID_IPSEC_LOGOFF_QMLanguage=EnglishIKE security association ended.%nMode: Data Protection (Quick mode)Filter: %n%1%nInbound SPI: %n%2%nOutbound SPI: %n%3%n.
;//
;//
;// SE_AUDITID_IPSEC_LOGOFF_MM
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
MessageId=0x021fSymbolicName=SE_AUDITID_IPSEC_LOGOFF_MMLanguage=EnglishIKE security association ended.%nMode: Key Exchange (Main mode)%nFilter: %n%1%n.
;//
;//
;// SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUST
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Peer Identity
;//
;// 2 - Filter
;//
;//
MessageId=0x0220SymbolicName=SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUSTLanguage=EnglishIKE security association establishment failed because peer could not authenticate.The certificate trust could not be established.%nPeer Identity: %n%1%nFilter: %n%2%n.
;//
;//
;// SE_AUDITID_IPSEC_AUTH_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Peer Identity
;//
;// 2 - Filter
;//
;//
MessageId=0x0221SymbolicName=SE_AUDITID_IPSEC_AUTH_FAILLanguage=EnglishIKE peer authentication failed.%nPeer Identity: %n%1%nFilter: %n%2%n.
;//
;//
;// SE_AUDITID_IPSEC_ATTRIB_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Mode
;//
;// 2 - Filter
;//
;// 3 - Attribute Name
;//
;// 4 - Expected Value
;//
;// 5 - Received Value
;//
;//
MessageId=0x0222SymbolicName=SE_AUDITID_IPSEC_ATTRIB_FAILLanguage=EnglishIKE security association establishment failed because peersent invalid proposal.%nMode: %n%1%nFilter: %n%2%nAttribute: %n%3%nExpected value: %n%4%nReceived value: %n%5%n.
;//
;//
;// SE_AUDITID_IPSEC_NEGOTIATION_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Mode
;//
;// 2 - Filter
;//
;// 3 - Failure Point
;//
;// 4 - Failure Reason
;//
;//
MessageId=0x0223SymbolicName=SE_AUDITID_IPSEC_NEGOTIATION_FAILLanguage=EnglishIKE security association negotiation failed.%nMode: %n%1%nFilter: %n%2%nPeer Identity: %n%3%n Failure Point: %n%4%nFailure Reason: %n%5%nExtra Status: %n%6%n.
;//
;//
;// SE_AUDITID_DOMAIN_TRUST_INCONSISTENT
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// This event is generated by an authentication package when the
;// quarantined domain SID filtering function in LSA returns
;// STATUS_DOMAIN_TRUST_INCONSISTENT error code.
;//
;// In case of kerberos:
;// If the server ticket info has a TDOSid then KdcCheckPacForSidFiltering
;// function makes a check to make sure the SID from the TDO matches
;// the client's home domain SID. A call to LsaIFilterSids
;// is made to do the check. If this function fails with
;// STATUS_DOMAIN_TRUST_INCONSISTENT then this event is generated.
;//
;// In case of netlogon:
;// NlpUserValidateHigher function does a similar check by
;// calling LsaIFilterSids.
;//
;// Notes:
;//
MessageId=0x0224 SymbolicName=SE_AUDITID_DOMAIN_TRUST_INCONSISTENT Language=EnglishLogon Failure:%n%tReason:%t%tDomain sid inconsistent%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%tTransited Services:%t%7%n.
;//
;//
;// SE_AUDITID_ALL_SIDS_FILTERED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// During a cross forest authentication, SIDS corresponding to untrusted
;// namespaces are filtered out. If this filtering action results into
;// removal of all sids then this event is generated.
;//
;// Notes:
;// This is generated on the computer running kdc
;//
;// **** This event is now obsolete. The schema below is retained so that
;// people can view old instance of this event using a new viewer.
;//
MessageId=0x0225 SymbolicName=SE_AUDITID_ALL_SIDS_FILTERED Language=EnglishLogon Failure:%n%tReason: %tAll sids were filtered out%n%tUser Name:%t%1%n%tDomain:%t%2%n%tLogon Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package%t: %5%n%tWorkstation Name:%t%6.
;//
;//
;// SE_AUDITID_IPSEC_IKE_NOTIFICATION
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Notification Message
;//
MessageId=0x0226SymbolicName=SE_AUDITID_IPSEC_IKE_NOTIFICATIONLanguage=English%1%n.
;//
;//
;// SE_AUDITID_BEGIN_LOGOFF
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when a user initiates logoff.
;//
;// Notes:
;// When the logoff process is complete, SE_AUDITID_LOGOFF event is generated.
;// A logoff is considered complete when the associated logon session object
;// is deleted. This happens only after all tokens associated with it are closed.
;// This can take arbitrarily long time therefore there can be a substantial
;// time difference between the two events.
;//
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;//
MessageId=0x0227 SymbolicName=SE_AUDITID_BEGIN_LOGOFF Language=EnglishUser initiated logoff:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n.
;//
;//
;// SE_AUDITID_LOGON_USING_EXPLICIT_CREDENTIALS
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when someone tries to logon using
;// explicit credentials while already logged on as a different user.
;//
;// Notes:
;// This is generated on the client machine from which logon request originates.
;//
;//
MessageId=0x0228 SymbolicName=SE_AUDITID_LOGON_USING_EXPLICIT_CREDENTIALS Language=EnglishLogon attempt using explicit credentials:%nLogged on user:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tLogon GUID:%t%4%nUser whose credentials were used:%n%tTarget User Name:%t%5%n%tTarget Domain:%t%6%n%tTarget Logon GUID: %7%n%nTarget Server Name:%t%8%nTarget Server Info:%t%9%nCaller Process ID:%t%10%nSource Network Address:%t%11%nSource Port:%t%12%n.
;//
;//
;// SE_AUDITID_AUTH_REPLAY_DETECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// This event is generated when an auth package detects replay attack.
;//
;// Notes:
;// This is generated by the computer running kdc or the server machine
;// that is receiving the auth request. For kerberos, Request Type is one of
;// the KRB_XXX_REQ or whatever request depending on the specific auth protocol.
;//
;//
MessageId=0x0229 SymbolicName=SE_AUDITID_AUTH_REPLAY_DETECTED Language=English%tUser Name:%t%1%n%tDomain:%t%%t%2%n%tRequest Type:%t%3%n%tLogon Process:%t%4%n%tAuthentication Package:%t%5%n%tWorkstation Name:%t%6%n%tCaller User Name:%t%7%n%tCaller Domain:%t%8%n%tCaller Logon ID:%t%9%n%tCaller Process ID: %10%n%tTransited Services: %11%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_OBJECT_ACCESS //
;// //
;// Event IDs: //
;// SE_AUDITID_OPEN_HANDLE //
;// SE_AUDITID_CLOSE_HANDLE //
;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE //
;// SE_AUDITID_DELETE_OBJECT //
;// SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE //
;// SE_AUDITID_OBJECT_OPERATION //
;// SE_AUDITID_OBJECT_ACCESS //
;// SE_AUDITID_HARDLINK_CREATION //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_OPEN_HANDLE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object Type string
;//
;// 2 - Object name
;//
;// 3 - New handle ID string
;//
;// 4 - Object server name
;//
;// 5 - Process ID string
;//
;// 6 - Primary user account name
;//
;// 7 - Primary authenticating domain name
;//
;// 8 - Primary logon ID string
;//
;// 9 - Client user account name ("-" if no client)
;//
;// 10 - Client authenticating domain name ("-" if no client)
;//
;// 11 - Client logon ID string ("-" if no client)
;//
;// 12 - Access names
;//
;//
;//
;//
MessageId=0x0230 SymbolicName=SE_AUDITID_OPEN_HANDLE Language=EnglishObject Open:%n%tObject Server:%t%1%n%tObject Type:%t%2%n%tObject Name:%t%3%n%tHandle ID:%t%4%n%tOperation ID:%t{%5,%6}%n%tProcess ID:%t%7%n%tImage File Name:%t%8%n%tPrimary User Name:%t%9%n%tPrimary Domain:%t%10%n%tPrimary Logon ID:%t%11%n%tClient User Name:%t%12%n%tClient Domain:%t%13%n%tClient Logon ID:%t%14%n%tAccesses:%t%15%n%tPrivileges:%t%16%n%tRestricted Sid Count:%t%17%n%tAccess Mask:%t%18%n.
;//
;//
;// SE_AUDITID_CLOSE_HANDLE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;//
;//
;//
MessageId=0x0232 SymbolicName=SE_AUDITID_CLOSE_HANDLE Language=EnglishHandle Closed:%n%tObject Server:%t%1%n%tHandle ID:%t%2%n%tProcess ID:%t%3%n%tImage File Name:%t%4%n.
;//
;//
;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object Type string
;//
;// 2 - Object name
;//
;// 3 - New handle ID string
;//
;// 4 - Object server name
;//
;// 5 - Process ID string
;//
;// 6 - Primary user account name
;//
;// 7 - Primary authenticating domain name
;//
;// 8 - Primary logon ID string
;//
;// 9 - Client user account name ("-" if no client)
;//
;// 10 - Client authenticating domain name ("-" if no client)
;//
;// 11 - Client logon ID string ("-" if no client)
;//
;// 12 - Access names
;//
;//
;//
;//
MessageId=0x0233 SymbolicName=SE_AUDITID_OPEN_OBJECT_FOR_DELETE Language=EnglishObject Open for Delete:%n%tObject Server:%t%1%n%tObject Type:%t%2%n%tObject Name:%t%3%n%tHandle ID:%t%4%n%tOperation ID:%t{%5,%6}%n%tProcess ID:%t%7%n%tPrimary User Name:%t%8%n%tPrimary Domain:%t%9%n%tPrimary Logon ID:%t%10%n%tClient User Name:%t%11%n%tClient Domain:%t%12%n%tClient Logon ID:%t%13%n%tAccesses:%t%t%14%n%tPrivileges:%t%t%15%n%tAccess Mask:%t%16%n.
;//
;//
;// SE_AUDITID_DELETE_OBJECT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;//
;//
;//
MessageId=0x0234 SymbolicName=SE_AUDITID_DELETE_OBJECT Language=EnglishObject Deleted:%n%tObject Server:%t%1%n%tHandle ID:%t%2%n%tProcess ID:%t%3%n%tImage File Name:%t%4%n.
;//
;//
;// SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object Type string
;//
;// 2 - Object name
;//
;// 3 - New handle ID string
;//
;// 4 - Object server name
;//
;// 5 - Process ID string
;//
;// 6 - Primary user account name
;//
;// 7 - Primary authenticating domain name
;//
;// 8 - Primary logon ID string
;//
;// 9 - Client user account name ("-" if no client)
;//
;// 10 - Client authenticating domain name ("-" if no client)
;//
;// 11 - Client logon ID string ("-" if no client)
;//
;// 12 - Access names
;//
;// 13 - Object Type parameters
;//
;//
;//
;//
MessageId=0x0235 SymbolicName=SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE Language=EnglishObject Open:%n%tObject Server:%t%1%n%tObject Type:%t%2%n%tObject Name:%t%3%n%tHandle ID:%t%4%n%tOperation ID:%t{%5,%6}%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%tPrimary User Name:%t%9%n%tPrimary Domain:%t%10%n%tPrimary Logon ID:%t%11%n%tClient User Name:%t%12%n%tClient Domain:%t%13%n%tClient Logon ID:%t%14%n%tAccesses:%t%15%n%tPrivileges:%t%16%n%n%tProperties:%n%17%n%tAccess Mask:%t%18%n.
;�;// SE_AUDITID_OBJECT_OPERATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Operation Name
;//
;// 2 - Object Type
;//
;// 3 - Object name
;//
;// 4 - Handle ID
;//
;// 5 - Primary user account name
;//
;// 6 - Primary authenticating domain name
;//
;// 7 - Primary logon ID string
;//
;// 8 - Client user account name ("-" if no client)
;//
;// 9 - Client authenticating domain name ("-" if no client)
;//
;// 10 - Client logon ID string ("-" if no client)
;//
;// 11 - Requested accesses to the object
;//
;// 12 - Object properties ("-" if none)
;//
;// 13 - additional information ("-" if none)
;//
MessageId=0x0236 SymbolicName=SE_AUDITID_OBJECT_OPERATION Language=EnglishObject Operation:%n%tObject Server:%t%1%n%tOperation Type:%t%2%n%tObject Type:%t%3%n%tObject Name:%t%4%n%tHandle ID:%t%5%n%tPrimary User Name:%t%6%n%tPrimary Domain:%t%7%n%tPrimary Logon ID:%t%8%n%tClient User Name:%t%9%n%tClient Domain:%t%10%n%tClient Logon ID:%t%11%n%tAccesses:%t%12%n%tProperties:%n%t%13%n%tAdditional Info:%t%14%n%tAdditional Info2:%t%15%n%tAccess Mask:%t%16%n.
;//
;//
;// SE_AUDITID_OBJECT_ACCESS
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;// 4 - List of Accesses
;//
;//
MessageId=0x0237 SymbolicName=SE_AUDITID_OBJECT_ACCESS Language=EnglishObject Access Attempt:%n%tObject Server:%t%1%n%tHandle ID:%t%2%n%tObject Type:%t%3%n%tProcess ID:%t%4%n%tImage File Name:%t%5%n%tAccesses:%t%6%n%tAccess Mask:%t%7%n.
;//
;//
;// SE_AUDITID_HARDLINK_CREATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;//
;//
;//
MessageId=0x0238 SymbolicName=SE_AUDITID_HARDLINK_CREATION Language=EnglishHard link creation attempt:%n%tPrimary User Name:%t%1%n%tPrimary Domain:%t%2%n%tPrimary Logon ID:%t%3%n%tFile Name:%t%4%n%tLink Name:%t%5%n.
;//
;//
;// SE_AUDITID_AZ_CLIENTCONTEXT_CREATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance id
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client Logon id
;//
;// 6 - Error status
;//
;//
;// Description: This audit is generated when the resource manager in AZ
;// creates a client context. Currently, the only creation supported is
;// from a Nt Token. To track back to the identity of the client, use the Client
;// context Id and match it with the Logon Id in the Token Creation audit.
;//
;//
MessageId=0x0239 SymbolicName=SE_AUDITID_AZ_CLIENTCONTEXT_CREATION Language=EnglishApplication client context creation attempt:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%tClient Name:%t%3%n%tClient Domain:%t%4%n%tClient Context ID:%t%5%n%tStatus:%t%6%n.
;//
;//
;// SE_AUDITID_AZ_ACCESSCHECK
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application Name
;//
;// 2 - Application instance luid
;//
;// 3 - Object Name
;//
;// 4 - Scope name to which the object belongs
;// Scopes are not nested in V1. In V2, this will be a comma
;// separated list.
;//
;// 5 - Client name
;//
;// 6 - Client domain name
;//
;// 7 - Client Logon Id
;//
;// 8 - Role information
;// Role because of which the client was granted access.
;//
;// 9 - Group Information
;// Groups because of which the client belonged to the role.
;// This is a comma separated list.
;//
;// 10 - Operation name
;// Name of the operation e.g. Read general information
;//
;// 11 - Operation Id
;// DWORD internal representation of the operation.
;//
;//
;// Desription: This audit is generated when the client accesses an object.
;// One audit (success/failure) is generated per every Operation asked for.
;// Ex: Asked for Op1, Op2, Op3.
;// Granted Op1; Denied Op2, Op3
;// Will generate one success and 2 failure audits.
;//
MessageId=0x023A SymbolicName=SE_AUDITID_AZ_ACCESSCHECK Language=EnglishApplication operation attempt:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%tObject Name:%t%3%n%tScope Names:%t%4%n%tClient Name:%t%5%n%tClient Domain:%t%6%n%tClient Context ID:%t%7%n%tRole:%t%8%n%tGroups:%t%9%n%tOperation Name:%t%10 (%11)%n.
;//
;//
;// SE_AUDITID_AZ_CLIENTCONTEXT_DELETION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance luid
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client login Id
;//
;// Description: This audit is generated when the client context is deleted by
;// the AZ app. Tie this with the client context creation audit.
;//
;//
;//
MessageId=0x023B SymbolicName=SE_AUDITID_AZ_CLIENTCONTEXT_DELETION Language=EnglishApplication client context deletion:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%tClient Name:%t%3%n%tClient Domain:%t%4%n%tClient Context ID:%t%5%n.
;//
;//
;// SE_AUDITID_AZ_APPLICATION_INITIALIZATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance luid
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client logon id
;//
;// 6 - Policy store url
;//
;// Description: This audit is generated when the admin manager initializes the
;// app. The applciation name and instance Id help to tie the future audits.
;//
;//
;//
MessageId=0x023C SymbolicName=SE_AUDITID_AZ_APPLICATION_INITIALIZATION Language=EnglishApplication Initialized%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%tClient Name:%t%3%n%tClient Domain:%t%4%n%tClient ID:%t%5%n%tPolicy Store URL:%t%6%n.
;//
;//
;// SE_AUDITID_GENERIC_AUDIT_EVENT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - source name
;//
;// 2 - event ID specific to this source
;//
;// 3 - 27 : insertion strings
;//
;//
;// Description:
;// This audit is generated when a process generates non-system audit event
;// using the AuthZ audit API. Parameters supplied by the process are converted
;// to strings and inserted as strings %3 through %27.
;//
;//
;//
MessageId=0x023D SymbolicName=SE_AUDITID_GENERIC_AUDIT_EVENT Language=English%nApplication-specific security event.%n%tEvent Source:%t%1%n%tEvent ID:%t%2%n%t%t%3%n%t%t%4%n%t%t%5%n%t%t%6%n%t%t%7%n%t%t%8%n%t%t%9%n%t%t%10%n%t%t%11%n%t%t%12%n%t%t%13%n%t%t%14%n%t%t%15%n%t%t%16%n%t%t%17%n%t%t%18%n%t%t%19%n%t%t%20%n%t%t%21%n%t%t%22%n%t%t%23%n%t%t%24%n%t%t%25%n%t%t%26%n%t%t%27%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_PRIVILEGE_USE //
;// //
;// Event IDs: //
;// SE_AUDITID_ASSIGN_SPECIAL_PRIV //
;// SE_AUDITID_PRIVILEGED_SERVICE //
;// SE_AUDITID_PRIVILEGED_OBJECT //
;// //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_ASSIGN_SPECIAL_PRIV
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Description:
;// When a user logs on, if any one of the following privileges is added
;// to his/her token, this event is generated.
;//
;// - SeChangeNotifyPrivilege
;// - SeAuditPrivilege
;// - SeCreateTokenPrivilege
;// - SeAssignPrimaryTokenPrivilege
;// - SeBackupPrivilege
;// - SeRestorePrivilege
;// - SeDebugPrivilege
;//
;//
;// Parameter Strings -
;//
;// 1 - User name
;//
;// 2 - domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Privilege names (as 1 string, with formatting)
;//
;//
;//
;//
MessageId=0x0240 SymbolicName=SE_AUDITID_ASSIGN_SPECIAL_PRIV Language=EnglishSpecial privileges assigned to new logon:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tPrivileges:%t%4.
;//
;//
;// SE_AUDITID_PRIVILEGED_SERVICE
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Description:
;// This event is generated when a user makes an attempt to perform
;// a privileged system service operation.
;//
;// Parameter Strings -
;//
;// 1 - server name
;//
;// 2 - service name
;//
;// 3 - Primary User name
;//
;// 4 - Primary domain name
;//
;// 5 - Primary Logon ID string
;//
;// 6 - Client User name (or "-" if not impersonating)
;//
;// 7 - Client domain name (or "-" if not impersonating)
;//
;// 8 - Client Logon ID string (or "-" if not impersonating)
;//
;// 9 - Privilege names (as 1 string, with formatting)
;//
;//
;//
;//
MessageId=0x0241 SymbolicName=SE_AUDITID_PRIVILEGED_SERVICE Language=EnglishPrivileged Service Called:%n%tServer:%t%t%1%n%tService:%t%t%2%n%tPrimary User Name:%t%3%n%tPrimary Domain:%t%4%n%tPrimary Logon ID:%t%5%n%tClient User Name:%t%6%n%tClient Domain:%t%7%n%tClient Logon ID:%t%8%n%tPrivileges:%t%9.
;//
;//
;// SE_AUDITID_PRIVILEGED_OBJECT
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Parameter Strings -
;//
;// 1 - object server
;//
;// 2 - object handle (if available)
;//
;// 3 - process ID string
;//
;// 4 - Primary User name
;//
;// 5 - Primary domain name
;//
;// 6 - Primary Logon ID string
;//
;// 7 - Client User name (or "-" if not impersonating)
;//
;// 8 - Client domain name (or "-" if not impersonating)
;//
;// 9 - Client Logon ID string (or "-" if not impersonating)
;//
;// 10 - Privilege names (as 1 string, with formatting)
;//
;//
MessageId=0x0242 SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT Language=EnglishPrivileged object operation:%n%tObject Server:%t%1%n%tObject Handle:%t%2%n%tProcess ID:%t%3%n%tPrimary User Name:%t%4%n%tPrimary Domain:%t%5%n%tPrimary Logon ID:%t%6%n%tClient User Name:%t%7%n%tClient Domain:%t%8%n%tClient Logon ID:%t%9%n%tPrivileges:%t%10.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_DETAILED_TRACKING //
;// //
;// Event IDs: //
;// SE_AUDITID_PROCESS_CREATED //
;// SE_AUDITID_PROCESS_EXIT //
;// SE_AUDITID_DUPLICATE_HANDLE //
;// SE_AUDITID_INDIRECT_REFERENCE //
;// SE_AUDITID_DPAPI_BACKUP //
;// SE_AUDITID_DPAPI_RECOVERY //
;// SE_AUDITID_DPAPI_PROTECT //
;// SE_AUDITID_DPAPI_UNPROTECT //
;// SE_AUDITID_ASSIGN_TOKEN //
;// SE_AUDITID_SERVICE_INSTALL //
;// SE_AUDITID_JOB_CREATED //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_PROCESS_CREATED
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - process ID string
;//
;// 2 - Image file name (if available - otherwise "-")
;//
;// 3 - Creating process's ID
;//
;// 4 - User name (of new process)
;//
;// 5 - domain name (of new process)
;//
;// 6 - Logon ID string (of new process)
;//
MessageId=0x0250 SymbolicName=SE_AUDITID_PROCESS_CREATED Language=EnglishA new process has been created:%n%tNew Process ID:%t%1%n%tImage File Name:%t%2%n%tCreator Process ID:%t%3%n%tUser Name:%t%4%n%tDomain:%t%t%5%n%tLogon ID:%t%t%6%n.
;//
;//
;// SE_AUDITID_PROCESS_EXIT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - process ID string
;//
;// 2 - image name
;//
;// 3 - User name
;//
;// 4 - domain name
;//
;// 5 - Logon ID string
;//
;//
;//
;//
MessageId=0x0251 SymbolicName=SE_AUDITID_PROCESS_EXIT Language=EnglishA process has exited:%n%tProcess ID:%t%1%n%tImage File Name:%t%2%n%tUser Name:%t%3%n%tDomain:%t%t%4%n%tLogon ID:%t%t%5%n.
;//
;//
;// SE_AUDITID_DUPLICATE_HANDLE
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Origin (source) handle ID string
;//
;// 2 - Origin (source) process ID string
;//
;// 3 - New (Target) handle ID string
;//
;// 4 - Target process ID string
;//
;//
;//
MessageId=0x0252 SymbolicName=SE_AUDITID_DUPLICATE_HANDLE Language=EnglishA handle to an object has been duplicated:%n%tSource Handle ID:%t%1%n%tSource Process ID:%t%2%n%tTarget Handle ID:%t%3%n%tTarget Process ID:%t%4%n.
;//
;//
;// SE_AUDITID_INDIRECT_REFERENCE
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Object type
;//
;// 2 - object name (if available - otherwise "-")
;//
;// 3 - ID string of handle used to gain access
;//
;// 3 - server name
;//
;// 4 - process ID string
;//
;// 5 - primary User name
;//
;// 6 - primary domain name
;//
;// 7 - primary logon ID
;//
;// 8 - client User name
;//
;// 9 - client domain name
;//
;// 10 - client logon ID
;//
;// 11 - granted access names (with formatting)
;//
;//
MessageId=0x0253 SymbolicName=SE_AUDITID_INDIRECT_REFERENCE Language=EnglishIndirect access to an object has been obtained:%n%tObject Type:%t%1%n%tObject Name:%t%2%n%tProcess ID:%t%3%n%tPrimary User Name:%t%4%n%tPrimary Domain:%t%5%n%tPrimary Logon ID:%t%6%n%tClient User Name:%t%7%n%tClient Domain:%t%8%n%tClient Logon ID:%t%9%n%tAccesses:%t%10%n%tAccess Mask:%t%11%n.
;//
;//
;// SE_AUDITID_DPAPI_BACKUP
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Master key GUID
;//
;// 2 - Recovery Server
;//
;// 3 - GUID identifier of the recovery key
;//
;// 4 - Failure reason
;//
MessageId=0x0254 SymbolicName=SE_AUDITID_DPAPI_BACKUP Language=EnglishBackup of data protection master key.%n%tKey Identifier:%t%t%1%n%tRecovery Server:%t%t%2%n%tRecovery Key ID:%t%t%3%n%tFailure Reason:%t%t%4%n.
;//
;//
;// SE_AUDITID_DPAPI_RECOVERY
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Master key GUID
;//
;// 2 - Recovery Server
;//
;// 3 - Reason for the backup
;//
;// 4 - GUID identifier of the recovery key
;//
;// 5 - Failure reason
;//
MessageId=0x0255 SymbolicName=SE_AUDITID_DPAPI_RECOVERY Language=EnglishRecovery of data protection master key.%n%tKey Identifier:%t%t%1%n%tRecovery Reason:%t%t%3%n%tRecovery Server:%t%t%2%n%tRecovery Key ID:%t%t%4%n%tFailure Reason:%t%t%5%n.
;//
;//
;// SE_AUDITID_DPAPI_PROTECT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;//
;// 1 - Master key GUID
;//
;// 2 - Data Description
;//
;// 3 - Protected data flags
;//
;// 4 - Algorithms
;//
;// 5 - failure reason
;//
MessageId=0x0256 SymbolicName=SE_AUDITID_DPAPI_PROTECT Language=EnglishProtection of auditable protected data.%n%tData Description:%t%t%2%n%tKey Identifier:%t%t%1%n%tProtected Data Flags:%t%3%n%tProtection Algorithms:%t%4%n%tFailure Reason:%t%t%5%n.
;//
;//
;// SE_AUDITID_DPAPI_UNPROTECT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;//
;// 1 - Master key GUID
;//
;// 2 - Data Description
;//
;// 3 - Protected data flags
;//
;// 4 - Algorithms
;//
;// 5 - failure reason
;//
MessageId=0x0257 SymbolicName=SE_AUDITID_DPAPI_UNPROTECT Language=EnglishUnprotection of auditable protected data.%n%tData Description:%t%t%2%n%tKey Identifier:%t%t%1%n%tProtected Data Flags:%t%3%n%tProtection Algorithms:%t%4%n%tFailure Reason:%t%t%5%n.
;//
;//
;// SE_AUDITID_ASSIGN_TOKEN
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1. Current Process ID (the process doing the assignment
;// 2. Current Image File Name
;// 3. Current User Name
;// 4. Current Domain
;// 5. Current Logon ID
;//
;// 6. Process ID (of new process)
;// 7. Image Name (of new process)
;// 8. User name (of new process)
;// 9. domain name (of new process)
;// 10. Logon ID string (of new process)
;//
MessageId=0x0258 SymbolicName=SE_AUDITID_ASSIGN_TOKEN Language=EnglishA process was assigned a primary token.%nAssigning Process Information:%n%tProcess ID:%t%1%n%tImage File Name:%t%2%n%tPrimary User Name:%t%3%n%tPrimary Domain:%t%4%n%tPrimary Logon ID:%t%5%nNew Process Information:%n%tProcess ID:%t%6%n%tImage File Name:%t%7%n%tTarget User Name:%t%8%n%tTarget Domain:%t%9%n%tTarget Logon ID:%t%10%n.
;//
;//
;// SE_AUDITID_SERVICE_INSTALL
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when a service is installed
;//
;// Note:
;//
MessageId=0x0259 SymbolicName=SE_AUDITID_SERVICE_INSTALL Language=EnglishAttempt to install service:%n%tService Name:%t%1%n%tService File Name:%t%2%n%tService Type:%t%3%n%tService Start Type:%t%4%n%tService Account:%t%5%nBy:%n%tUser Name:%t%6%n%tDomain:%t%t%7%n%tLogon ID:%t%t%8%n.
;//
;//
;// SE_AUDITID_JOB_CREATED
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when a scheduler job is created
;// File Name is the name of the file in the Tasks folder.
;// Task Time, Days of Month, Days of Week, Flags and Commandline
;// are taken from the AT_INFO structure.
;// Target Name and Target Domain are the user account the job
;// is to run as. This event is generated by the task scheduler
;// through for example the AT command.
;//
;// Note:
;//
MessageId=0x025A SymbolicName=SE_AUDITID_JOB_CREATED Language=EnglishScheduled Task created:%n%tFile Name:%t%1%n%tCommand:%t%2%n%tTriggers:%t%t%3%n%tTime:%t%t%4 %5%n%tFlags:%t%t%6%n%tTarget User:%t%7%nBy:%n%tUser:%t%t%8%n%tDomain:%t%t%9%n%tLogon ID:%t%t%10%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_POLICY_CHANGE //
;// //
;// Event IDs: //
;// SE_AUDITID_USER_RIGHT_ASSIGNED //
;// SE_AUDITID_USER_RIGHT_REMOVED //
;// SE_AUDITID_TRUSTED_DOMAIN_ADD //
;// SE_AUDITID_TRUSTED_DOMAIN_REM //
;// SE_AUDITID_TRUSTED_DOMAIN_MOD //
;// SE_AUDITID_POLICY_CHANGE //
;// SE_AUDITID_IPSEC_POLICY_START //
;// SE_AUDITID_IPSEC_POLICY_DISABLED //
;// SE_AUDITID_IPSEC_POLICY_CHANGED //
;// SE_AUDITID_IPSEC_POLICY_FAILURE //
;// SE_AUDITID_SYSTEM_ACCESS_CHANGE //
;// SE_AUDITID_NAMESPACE_COLLISION //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD //
;// SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION //
;// SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_USER_RIGHT_ASSIGNED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account assigned the user right
;//
;// 3 - User name of subject assigning the right
;//
;// 4 - Domain name of subject assigning the right
;//
;// 5 - Logon ID string of subject assigning the right
;//
;//
;//
MessageId=0x0260 SymbolicName=SE_AUDITID_USER_RIGHT_ASSIGNED Language=EnglishUser Right Assigned:%n%tUser Right:%t%1%n%tAssigned To:%t%2%n%tAssigned By:%n%t User Name:%t%3%n%t Domain:%t%t%4%n%t Logon ID:%t%5%n.
;//
;//
;// SE_AUDITID_USER_RIGHT_REMOVED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account from which the user
;// right was removed
;//
;// 3 - User name of subject removing the right
;//
;// 4 - Domain name of subject removing the right
;//
;// 5 - Logon ID string of subject removing the right
;//
;//
MessageId=0x0261 SymbolicName=SE_AUDITID_USER_RIGHT_REMOVED Language=EnglishUser Right Removed:%n%tUser Right:%t%1%n%tRemoved From:%t%2%n%tRemoved By:%n%t User Name:%t%3%n%t Domain:%t%t%4%n%t Logon ID:%t%5%n.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_ADD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody creates a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is created and not on any other
;// domain controller to which the TDO creation replicates.
;//
MessageId=0x0262 SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_ADD Language=EnglishNew Trusted Domain:%n%tDomain Name:%t%1%n%tDomain ID:%t%2%n%tEstablished By:%n%t User Name:%t%3%n%t Domain:%t%t%4%n%t Logon ID:%t%5%n%tTrust Type:%t%6%n%tTrust Direction:%t%7%n%tTrust Attributes:%t%8%n%tSID Filtering:%t%9%n.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_REM
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody removes a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is deleted and not on any other
;// domain controller to which the TDO deletion replicates.
;//
MessageId=0x0263 SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_REM Language=EnglishTrusted Domain Removed:%n%tDomain Name:%t%1%n%tDomain ID:%t%2%n%tRemoved By:%n%t User Name:%t%3%n%t Domain:%t%t%4%n%t Logon ID:%t%5%n.
;//
;//
;// SE_AUDITID_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - System success audit status ("+" or "-")
;// 2 - System failure audit status ("+" or "-")
;//
;// 3 - Logon/Logoff success audit status ("+" or "-")
;// 4 - Logon/Logoff failure audit status ("+" or "-")
;//
;// 5 - Object Access success audit status ("+" or "-")
;// 6 - Object Access failure audit status ("+" or "-")
;//
;// 7 - Detailed Tracking success audit status ("+" or "-")
;// 8 - Detailed Tracking failure audit status ("+" or "-")
;//
;// 9 - Privilege Use success audit status ("+" or "-")
;// 10 - Privilege Use failure audit status ("+" or "-")
;//
;// 11 - Policy Change success audit status ("+" or "-")
;// 12 - Policy Change failure audit status ("+" or "-")
;//
;// 13 - Account Management success audit status ("+" or "-")
;// 14 - Account Management failure audit status ("+" or "-")
;//
;// 15 - Directory Service access success audit status ("+" or "-")
;// 16 - Directory Service access failure audit status ("+" or "-")
;//
;// 17 - Account Logon success audit status ("+" or "-")
;// 18 - Account Logon failure audit status ("+" or "-")
;//
;// 19 - Account Name of user that changed the policy
;//
;// 20 - Domain of user that changed the policy
;//
;// 21 - Logon ID of user that changed the policy
;//
;//
MessageId=0x0264 SymbolicName=SE_AUDITID_POLICY_CHANGE Language=EnglishAudit Policy Change:%nNew Policy:%n%tSuccess%tFailure%n%t %3%t %4%tLogon/Logoff%n%t %5%t %6%tObject Access%n%t %7%t %8%tPrivilege Use%n%t %13%t %14%tAccount Management%n%t %11%t %12%tPolicy Change%n%t %1%t %2%tSystem%n%t %9%t %10%tDetailed Tracking%n%t %15%t %16%tDirectory Service Access%n%t %17%t %18%tAccount Logon%n%nChanged By:%n%t User Name:%t%19%n%t Domain Name:%t%20%n%t Logon ID:%t%21.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_START
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Ipsec Policy Agent
;//
;// 2 - Policy Source
;//
;// 3 - Event Data
;//
;//
MessageId=0x0265 SymbolicName=SE_AUDITID_IPSEC_POLICY_START Language=EnglishIPSec Services started: %t%1%nPolicy Source: %t%2%n%3%n.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_DISABLED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Ipsec Policy Agent
;//
;// 2 - Event Data
;//
;//
MessageId=0x0266 SymbolicName=SE_AUDITID_IPSEC_POLICY_DISABLED Language=EnglishIPSec Services disabled: %t%1%n%2%n.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_CHANGED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Event Data
;//
;//
MessageId=0x0267 SymbolicName=SE_AUDITID_IPSEC_POLICY_CHANGED Language=EnglishIPSec Services: %t%1%n.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_FAILURE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Event Data
;//
;//
MessageId=0x0268 SymbolicName=SE_AUDITID_IPSEC_POLICY_FAILURE Language=EnglishIPSec Services encountered a potentially serious failure.%n%1%n.
;//
;//
;// SE_AUDITID_KERBEROS_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - user account name
;//
;// 2 - domain name of user
;//
;// 3 - logon ID of user
;//
;// 4 - description of the change made
;//
;//
MessageId=0x0269 SymbolicName=SE_AUDITID_KERBEROS_POLICY_CHANGE Language=EnglishKerberos Policy Changed:%nChanged By:%n%t User Name:%t%1%n%t Domain Name:%t%2%n%t Logon ID:%t%3%nChanges made:%n('--' means no changes, otherwise each change is shown as:%n<ParameterName>: <new value> (<old value>))%n%4%n.
;//
;//
;// SE_AUDITID_EFS_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - user account name
;//
;// 2 - domain name of user
;//
;// 3 - logon ID of user
;//
;// 4 - description of the change made
;//
;//
MessageId=0x026a SymbolicName=SE_AUDITID_EFS_POLICY_CHANGE Language=EnglishEncrypted Data Recovery Policy Changed:%nChanged By:%n%t User Name:%t%1%n%t Domain Name:%t%2%n%t Logon ID:%t%3%nChanges made:%n('--' means no changes, otherwise each change is shown as:%n<ParameterName>: <new value> (<old value>))%n%4%n.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_MOD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody modifies a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is modified and not on any other
;// domain controller to which the TDO modification replicates.
;//
MessageId=0x026C SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_MOD Language=EnglishTrusted Domain Information Modified:%n%tDomain Name:%t%1%n%tDomain ID:%t%2%n%tModified By:%n%t User Name:%t%3%n%t Domain:%t%t%4%n%t Logon ID:%t%5%n%tTrust Type:%t%6%n%tTrust Direction:%t%7%n%tTrust Attributes:%t%8%n%tSID Filtering:%t%9%n.
;//
;//
;// SE_AUDITID_SYSTEM_ACCESS_GRANTED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account for which the user
;// right was affected
;//
;// 3 - User name of subject changing the right
;//
;// 4 - Domain name of subject changing the right
;//
;// 5 - Logon ID string of subject changing the right
;//
;//
MessageId=0x026d SymbolicName=SE_AUDITID_SYSTEM_ACCESS_GRANTED Language=EnglishSystem Security Access Granted:%n%tAccess Granted:%t%4%n%tAccount Modified:%t%5%n%tAssigned By:%n%t User Name:%t%1%n%t Domain:%t%t%2%n%t Logon ID:%t%3%n.
;//
;//
;// SE_AUDITID_SYSTEM_ACCESS_REMOVED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account for which the user
;// right was affected
;//
;// 3 - User name of subject changing the right
;//
;// 4 - Domain name of subject changing the right
;//
;// 5 - Logon ID string of subject changing the right
;//
;//
MessageId=0x026e SymbolicName=SE_AUDITID_SYSTEM_ACCESS_REMOVED Language=EnglishSystem Security Access Removed:%n%tAccess Removed:%t%4%n%tAccount Modified:%t%5%n%tRemoved By:%n%t User Name:%t%1%n%t Domain:%t%t%2%n%t Logon ID:%t%3%n.
;//
;//
;// SE_AUDITID_NAMESPACE_COLLISION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// When a namespace element in one forest overlaps a namespace element in
;// some other forest, it can lead to ambiguity in resolving a name
;// belonging to one of the namespace elements. This overlap is also called
;// a collision.This event is generated when such a collision is detected.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0300 SymbolicName=SE_AUDITID_NAMESPACE_COLLISION Language=EnglishNamespace collision detected:%n%tTarget type:%t%1%n%tTarget name:%t%2%n%tForest Root:%t%3%n%tTop Level Name:%t%4%n%tDNS Name:%t%5%n%tNetBIOS Name:%t%6%n%tSID:%t%t%7%n%tNew Flags:%t%8%n.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get added. One such audit event is generated
;// per added entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0301 SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD Language=EnglishTrusted Forest Information Entry Added:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t{%3,%4}%n%tEntry Type:%t%5%n%tFlags:%t%t%6%n%tTop Level Name:%t%7%n%tDNS Name:%t%8%n%tNetBIOS Name:%t%9%n%tDomain SID:%t%10%n%tAdded by%t:%n%tClient User Name:%t%11%n%tClient Domain:%t%12%n%tClient Logon ID:%t%13%n.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get deleted. One such audit event is generated
;// per deleted entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0302 SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM Language=EnglishTrusted Forest Information Entry Removed:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t{%3,%4}%n%tEntry Type:%t%5%n%tFlags:%t%t%6%n%tTop Level Name:%t%7%n%tDNS Name:%t%8%n%tNetBIOS Name:%t%9%n%tDomain SID:%t%10%n%tRemoved by%t:%n%tClient User Name:%t%11%n%tClient Domain:%t%12%n%tClient Logon ID:%t%13%n.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get modified. One such audit event is generated
;// per modified entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0303 SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD Language=EnglishTrusted Forest Information Entry Modified:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t{%3,%4}%n%tEntry Type:%t%5%n%tFlags:%t%t%6%n%tTop Level Name:%t%7%n%tDNS Name:%t%8%n%tNetBIOS Name:%t%9%n%tDomain SID:%t%10%n%tModified by%t:%n%tClient User Name:%t%11%n%tClient Domain:%t%12%n%tClient Logon ID:%t%13%n.
;//
;//
;// SE_AUDITID_SECURITY_LOG_CONFIG
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the eventlog service reads security log
;// configuration from the registry key:
;// SYSTEM\CurrentControlSet\Services\Eventlog\Security
;// This event is generated in the context in which eventlog runs. The
;// registry key has a SACL so that it is possible to find out the user
;// who changed the key.
;//
;// Parameters:
;// 1 : max size in KB
;//
;// 2 : Action to take on reaching max log size
;// 1 --> overwrite events as needed
;// 2 --> overwrite events older than the limit specified
;// in parameter 3
;// 3 --> do not overwrite
;//
;// 3 : Event age limit. Applicable only if value param 2 is 2
;//
;// Note:
;//
MessageId=0x0325 SymbolicName=SE_AUDITID_SECURITY_LOG_CONFIG Language=EnglishConfiguration of security log for this session:%tMaximum Log Size (KB): %1%n%tAction to take on reaching max log size: %2%n%tEvent age limit in days: %3%n.
;//
;//
;// SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the LSA per user audit policy is
;// created or recreated.
;//
MessageId=0x0326 SymbolicName=SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION Language=EnglishPer User Audit Policy was refreshed.%n%tNumber of elements:%t%1%n%tPolicy ID:%t%2%n.
;//
;//
;// SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the per user audit policy table is
;// created. An instance of the audit is generated for each element
;// contained in the peruser table.
;//
;// Note:
;//
MessageId=0x0327 SymbolicName=SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION Language=EnglishPer user auditing policy set for user:%n%tTarget user:%t%1%n%tPolicy ID:%t%2%n%tCategory Settings:%n%t System:%t%3%n%t Logon:%t%4%n%t Object Access%t%5%n%t Privilege Use:%t%6%n%t Detailed Tracking:%t%7%n%t Policy Change:%t%8%n%t Account Management:%t%9%n%t DS Access:%t%10%n%t Account Logon:%t%11%n.
;//
;//
;// SE_AUDITID_SECURITY_EVENT_SOURCE_REGISTERED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;//
;// Note:
;//
MessageId=0x0328 SymbolicName=SE_AUDITID_SECURITY_EVENT_SOURCE_REGISTERED Language=EnglishA security event source has attempted to register.%n%tPrimary User Name:%t%1%n%tPrimary Domain:%t%2%n%tPrimary Logon ID:%t%3%n%tClient User Name:%t%4%n%tClient Domain:%t%5%n%tClient Logon ID:%t%6%n%tSource Name:%t%7%n%tProcess Id:%t%8%n%tEvent Source Id:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_EVENT_SOURCE_UNREGISTERED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;//
;// Note:
;//
MessageId=0x0329 SymbolicName=SE_AUDITID_SECURITY_EVENT_SOURCE_UNREGISTERED Language=EnglishA security event source has attempted to unregister.%n%tPrimary User Name:%t%1%n%tPrimary Domain:%t%2%n%tPrimary Logon ID:%t%3%n%tClient User Name:%t%4%n%tClient Domain:%t%5%n%tClient Logon ID:%t%6%n%tSource Name:%t%7%n%tProcess Id:%t%8%n%tEvent Source Id:%t%9%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_ACCOUNT_MANAGEMENT //
;// //
;// Event IDs: //
;// SE_AUDITID_USER_CREATED //
;// SE_AUDITID_USER_CHANGE //
;// SE_AUDITID_ACCOUNT_TYPE_CHANGE //
;// SE_AUDITID_USER_ENABLED //
;// SE_AUDITID_USER_PWD_CHANGED //
;// SE_AUDITID_USER_PWD_SET //
;// SE_AUDITID_USER_DISABLED //
;// SE_AUDITID_USER_DELETED //
;// //
;// SE_AUDITID_COMPUTER_CREATED //
;// SE_AUDITID_COMPUTER_CHANGE //
;// SE_AUDITID_COMPUTER_DELETED //
;// //
;// SE_AUDITID_GLOBAL_GROUP_CREATED //
;// SE_AUDITID_GLOBAL_GROUP_CHANGE //
;// SE_AUDITID_GLOBAL_GROUP_ADD //
;// SE_AUDITID_GLOBAL_GROUP_REM //
;// SE_AUDITID_GLOBAL_GROUP_DELETED //
;// SE_AUDITID_LOCAL_GROUP_CREATED //
;// SE_AUDITID_LOCAL_GROUP_CHANGE //
;// SE_AUDITID_LOCAL_GROUP_ADD //
;// SE_AUDITID_LOCAL_GROUP_REM //
;// SE_AUDITID_LOCAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED //
;// //
;// SE_AUDITID_APP_BASIC_GROUP_CREATED //
;// SE_AUDITID_APP_BASIC_GROUP_CHANGE //
;// SE_AUDITID_APP_BASIC_GROUP_ADD //
;// SE_AUDITID_APP_BASIC_GROUP_REM //
;// SE_AUDITID_APP_BASIC_GROUP_NM_ADD //
;// SE_AUDITID_APP_BASIC_GROUP_NM_REM //
;// SE_AUDITID_APP_BASIC_GROUP_DELETED //
;// //
;// SE_AUDITID_APP_QUERY_GROUP_CREATED //
;// SE_AUDITID_APP_QUERY_GROUP_CHANGE //
;// SE_AUDITID_APP_QUERY_GROUP_DELETED //
;// //
;// SE_AUDITID_GROUP_TYPE_CHANGE //
;// //
;// SE_AUDITID_ADD_SID_HISTORY //
;// //
;// SE_AUDITID_OTHER_ACCT_CHANGE //
;// SE_AUDITID_DOMAIN_POLICY_CHANGE //
;// SE_AUDITID_ACCOUNT_AUTO_LOCKED //
;// SE_AUDITID_ACCOUNT_UNLOCKED //
;// SE_AUDITID_SECURE_ADMIN_GROUP //
;// //
;// SE_AUDITID_PASSWORD_POLICY_API_CALLED //
;// //
;// SE_AUDITID_DSRM_PASSWORD_SET //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_USER_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new user account
;//
;// 2 - domain of new user account
;//
;// 3 - SID string of new user account
;//
;// 4 - User name of subject creating the user account
;//
;// 5 - Domain name of subject creating the user account
;//
;// 6 - Logon ID string of subject creating the user account
;//
;// 7 - Privileges used to create the user account
;//
;//
MessageId=0x0270 SymbolicName=SE_AUDITID_USER_CREATED Language=EnglishUser Account Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges%t%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tDisplay Name:%t%9%n%tUser Principal Name:%t%10%n%tHome Directory:%t%11%n%tHome Drive:%t%12%n%tScript Path:%t%13%n%tProfile Path:%t%14%n%tUser Workstations:%t%15%n%tPassword Last Set:%t%16%n%tAccount Expires:%t%17%n%tPrimary Group ID:%t%18%n%tAllowedToDelegateTo:%t%19%n%tOld UAC Value:%t%20%n%tNew UAC Value:%t%21%n%tUser Account Control:%t%22%n%tUser Parameters:%t%23%n%tSid History:%t%24%n%tLogon Hours:%t%25%n.
;//
;//
;// SE_AUDITID_ACCOUNT_TYPE_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// MessageId 0x271 unused
;//
;//
;//
;// SE_AUDITID_USER_ENABLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0272 SymbolicName=SE_AUDITID_USER_ENABLED Language=EnglishUser Account Enabled:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_USER_PWD_CHANGED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0273 SymbolicName=SE_AUDITID_USER_PWD_CHANGED Language=EnglishChange Password Attempt:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_USER_PWD_SET
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0274 SymbolicName=SE_AUDITID_USER_PWD_SET Language=EnglishUser Account password set:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_USER_DISABLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0275 SymbolicName=SE_AUDITID_USER_DISABLED Language=EnglishUser Account Disabled:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_USER_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0276 SymbolicName=SE_AUDITID_USER_DELETED Language=EnglishUser Account Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x0277 SymbolicName=SE_AUDITID_GLOBAL_GROUP_CREATED Language=EnglishSecurity Enabled Global Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0278 SymbolicName=SE_AUDITID_GLOBAL_GROUP_ADD Language=EnglishSecurity Enabled Global Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0279 SymbolicName=SE_AUDITID_GLOBAL_GROUP_REM Language=EnglishSecurity Enabled Global Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027A SymbolicName=SE_AUDITID_GLOBAL_GROUP_DELETED Language=EnglishSecurity Enabled Global Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x027B SymbolicName=SE_AUDITID_LOCAL_GROUP_CREATED Language=EnglishSecurity Enabled Local Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027C SymbolicName=SE_AUDITID_LOCAL_GROUP_ADD Language=EnglishSecurity Enabled Local Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027D SymbolicName=SE_AUDITID_LOCAL_GROUP_REM Language=EnglishSecurity Enabled Local Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027E SymbolicName=SE_AUDITID_LOCAL_GROUP_DELETED Language=EnglishSecurity Enabled Local Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027F SymbolicName=SE_AUDITID_LOCAL_GROUP_CHANGE Language=EnglishSecurity Enabled Local Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_OTHER_ACCOUNT_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - Type of change (sigh, this isn't localizable)
;//
;// 2 - Type of changed object
;//
;// 3 - SID string (of changed object)
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0280 SymbolicName=SE_AUDITID_OTHER_ACCOUNT_CHANGE Language=EnglishGeneral Account Database Change:%n%tType of change:%t%1%n%tObject Type:%t%2%n%tObject Name:%t%3%n%tObject ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0281 SymbolicName=SE_AUDITID_GLOBAL_GROUP_CHANGE Language=EnglishSecurity Enabled Global Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_USER_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0282 SymbolicName=SE_AUDITID_USER_CHANGE Language=EnglishUser Account Changed:%n%tTarget Account Name:%t%2%n%tTarget Domain:%t%3%n%tTarget Account ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n%tPrivileges:%t%8%nChanged Attributes:%n%tSam Account Name:%t%9%n%tDisplay Name:%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%12%n%tHome Drive:%t%13%n%tScript Path:%t%14%n%tProfile Path:%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%18%n%tPrimary Group ID:%t%19%n%tAllowedToDelegateTo:%t%20%n%tOld UAC Value:%t%21%n%tNew UAC Value:%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSid History:%t%25%n%tLogon Hours:%t%26%n.
;//
;//
;// SE_AUDITID_DOMAIN_POLICY_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - (unused)
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0283 SymbolicName=SE_AUDITID_DOMAIN_POLICY_CHANGE Language=EnglishDomain Policy Changed: %1 modified%n%tDomain Name:%t%t%2%n%tDomain ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tMin. Password Age:%t%8%n%tMax. Password Age:%t%9%n%tForce Logoff:%t%10%n%tLockout Threshold:%t%11%n%tLockout Observation Window:%t%12%n%tLockout Duration:%t%13%n%tPassword Properties:%t%14%n%tMin. Password Length:%t%15%n%tPassword History Length:%t%16%n%tMachine Account Quota:%t%17%n %tMixed Domain Mode:%t%18%n%tDomain Behavior Version:%t%19%n%tOEM Information:%t%20%n.
;//
;//
;// SE_AUDITID_ACCOUNT_AUTO_LOCKED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Type: success / failure
;//
;// Description: This event is generated when an account is auto locked. This happens
;// when a user attempts to log in unsuccessfully multiple times. The exact
;// number of times is specified by the administrator.
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0284 SymbolicName=SE_AUDITID_ACCOUNT_AUTO_LOCKED Language=EnglishUser Account Locked Out:%n%tTarget Account Name:%t%1%n%tTarget Account ID:%t%3%n%tCaller Machine Name:%t%2%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_COMPUTER_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new computer account
;//
;// 2 - domain of new computer account
;//
;// 3 - SID string of new computer account
;//
;// 4 - User name of subject creating the computer account
;//
;// 5 - Domain name of subject creating the computer account
;//
;// 6 - Logon ID string of subject creating the computer account
;//
;// 7 - Privileges used to create the computer account
;//
;//
MessageId=0x0285 SymbolicName=SE_AUDITID_COMPUTER_CREATED Language=EnglishComputer Account Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges%t%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tDisplay Name:%t%9%n%tUser Principal Name:%t%10%n%tHome Directory:%t%11%n%tHome Drive:%t%12%n%tScript Path:%t%13%n%tProfile Path:%t%14%n%tUser Workstations:%t%15%n%tPassword Last Set:%t%16%n%tAccount Expires:%t%17%n%tPrimary Group ID:%t%18%n%tAllowedToDelegateTo:%t%19%n%tOld UAC Value:%t%20%n%tNew UAC Value:%t%21%n%tUser Account Control:%t%22%n%tUser Parameters:%t%23%n%tSid History:%t%24%n%tLogon Hours:%t%25%n%tDNS Host Name:%t%26%n%tService Principal Names:%t%27%n .
;//
;//
;// SE_AUDITID_COMPUTER_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target computer account
;//
;// 2 - domain of target computer account
;//
;// 3 - SID string of target computer account
;//
;// 4 - User name of subject changing the computer account
;//
;// 5 - Domain name of subject changing the computer account
;//
;// 6 - Logon ID string of subject changing the computer account
;//
;//
MessageId=0x0286 SymbolicName=SE_AUDITID_COMPUTER_CHANGE Language=EnglishComputer Account Changed:%n%t%1%n%tTarget Account Name:%t%2%n%tTarget Domain:%t%3%n%tTarget Account ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n%tPrivileges:%t%8%nChanged Attributes:%n%tSam Account Name:%t%9%n%tDisplay Name:%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%12%n%tHome Drive:%t%13%n%tScript Path:%t%14%n%tProfile Path:%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%18%n%tPrimary Group ID:%t%19%n%tAllowedToDelegateTo:%t%20%n%tOld UAC Value:%t%21%n%tNew UAC Value:%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSid History:%t%25%n%tLogon Hours:%t%26%n%tDNS Host Name:%t%27%n%tService Principal Names:%t%28%n .
;//
;//
;// SE_AUDITID_COMPUTER_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0287 SymbolicName=SE_AUDITID_COMPUTER_DELETED Language=EnglishComputer Account Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0288 SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED Language=EnglishSecurity Disabled Local Group Created:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0289 SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE Language=EnglishSecurity Disabled Local Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028A SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD Language=EnglishSecurity Disabled Local Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028B SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM Language=EnglishSecurity Disabled Local Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028C SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED Language=EnglishSecurity Disabled Local Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x028D SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED Language=EnglishSecurity Disabled Global Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028E SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE Language=EnglishSecurity Disabled Global Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028F SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD Language=EnglishSecurity Disabled Global Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0290 SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM Language=EnglishSecurity Disabled Global Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0291 SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED Language=EnglishSecurity Disabled Global Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x0292 SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED Language=EnglishSecurity Enabled Universal Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0293 SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE Language=EnglishSecurity Enabled Universal Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0294 SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD Language=EnglishSecurity Enabled Universal Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0295 SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM Language=EnglishSecurity Enabled Universal Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0296 SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED Language=EnglishSecurity Enabled Universal Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x0297 SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED Language=EnglishSecurity Disabled Universal Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0298 SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE Language=EnglishSecurity Disabled Universal Group Changed:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0299 SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD Language=EnglishSecurity Disabled Universal Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x029A SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM Language=EnglishSecurity Disabled Universal Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x029B SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED Language=EnglishSecurity Disabled Universal Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_GROUP_TYPE_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - nature of group type change
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x029C SymbolicName=SE_AUDITID_GROUP_TYPE_CHANGE Language=EnglishGroup Type Changed:%n%t%1%n%tTarget Account Name:%t%2%n%tTarget Domain:%t%3%n%tTarget Account ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n%tPrivileges:%t%8%n.
;//
;//
;// SE_AUDITID_ADD_SID_HISTORY
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of the source account
;//
;// 2 - Name of the source account (including domain name)
;//
;// 3 - Name of the target account
;//
;// 4 - Domain name of subject changing the SID history
;//
;// 5 - SID String of the target account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x029D SymbolicName=SE_AUDITID_ADD_SID_HISTORY Language=EnglishAdd SID History:%n%tSource Account Name:%t%1%n%tSource Account ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n%tSidList:%t%10%n.
;//
;//
;// SE_AUDITID_ADD_SID_HISTORY_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;//
;//
MessageId=0x029E SymbolicName=SE_AUDITID_ADD_SID_HISTORY_FAILURE Language=EnglishAdd SID History:%n%tSource Account Name:%t%1%n%tTarget Account Name:%t%2%n%tTarget Domain:%t%3%n%tTarget Account ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n%tPrivileges:%t%8%n.
;//
;//
;// SE_AUDITID_ACCOUNT_UNLOCKED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x029F SymbolicName=SE_AUDITID_ACCOUNT_UNLOCKED Language=EnglishUser Account Unlocked:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n.
;//
;//
;// SE_AUDITID_SECURE_ADMIN_GROUP
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - (unused)
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
;//
MessageId=0x02AC SymbolicName=SE_AUDITID_SECURE_ADMIN_GROUP Language=EnglishSet ACLs of members in administrators groups:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_ACCOUNT_NAME_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - Account name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
;//
MessageId=0x02AD SymbolicName=SE_AUDITID_ACCOUNT_NAME_CHANGE Language=EnglishAccount Name Changed:%n %tOld Account Name:%t%1%n%tNew Account Name:%t%2%n%tTarget Domain:%t%t%3%n%tTarget Account ID:%t%4%n%tCaller User Name:%t%5%n%tCaller Domain:%t%6%n%tCaller Logon ID:%t%7%n%tPrivileges:%t%8%n.
;//
;//
;// SE_AUDITID_PASSWORD_HASH_ACCESS
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Event Type : success/failure
;//
;// Description:
;// This event is generated when user password hashes are retrieved
;// by the ADMT password filter DLL. This typically happens during
;// ADMT password migration.
;//
;// Notes:
;// To migrate passwords, a DLL (name?) gets loaded in lsass.exe as
;// a password filter. This filter registers an RPC interface used by ADMT
;// to request password migration. One SE_AUDITID_PASSWORD_HASH_ACCESS event
;// is generated per password fetched.
;//
;//
MessageId=0x02AE SymbolicName=SE_AUDITID_PASSWORD_HASH_ACCESS Language=EnglishPassword of the following user accessed:%n%tTarget User Name:%t%1%n%tTarget User Domain:%t%t%2%nBy user:%n%tCaller User Name:%t%3%n%tCaller Domain:%t%t%4%n%tCaller Logon ID:%t%t%5%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_CREATED
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_CREATED
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x02AF SymbolicName=SE_AUDITID_APP_BASIC_GROUP_CREATED Language=EnglishBasic Application Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_CHANGE
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - name of group account
;//
;// 2 - domain of group account
;//
;// 3 - SID string of group account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B0 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_CHANGE Language=EnglishBasic Application Group Changed:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_ADD
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_ADD
;//
;// Parameter Strings -
;//
;// 1 - name of member being added
;//
;// 2 - string SID of member being added
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B1 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_ADD Language=EnglishBasic Application Group Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_REM
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_REM
;//
;// Parameter Strings -
;//
;// 1 - name of member being removed
;//
;// 2 - string SID of member being removed
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B2 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_REM Language=EnglishBasic Application Group Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_NM_ADD
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_NM_ADD
;//
;// Parameter Strings -
;//
;// 1 - name of non-member being added
;//
;// 2 - string SID of non-member being added
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B3 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_NM_ADD Language=EnglishBasic Application Group Non-Member Added:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_NM_REM
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_NM_REM
;//
;// Parameter Strings -
;//
;// 1 - name of non-member being removed
;//
;// 2 - string SID of non-member being removed
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B4 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_NM_REM Language=EnglishBasic Application Group Non-Member Removed:%n%tMember Name:%t%1%n%tMember ID:%t%2%n%tTarget Account Name:%t%3%n%tTarget Domain:%t%4%n%tTarget Account ID:%t%5%n%tCaller User Name:%t%6%n%tCaller Domain:%t%7%n%tCaller Logon ID:%t%8%n%tPrivileges:%t%9%n.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_DELETED
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_DELETED
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B5 SymbolicName=SE_AUDITID_APP_BASIC_GROUP_DELETED Language=EnglishBasic Application Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_CREATED
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_CREATED
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x02B6 SymbolicName=SE_AUDITID_APP_QUERY_GROUP_CREATED Language=EnglishLDAP Query Group Created:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nAttributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_CHANGE
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - name of group account
;//
;// 2 - domain of group account
;//
;// 3 - SID string of group account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B7 SymbolicName=SE_AUDITID_APP_QUERY_GROUP_CHANGE Language=EnglishLDAP Query Group Changed:%n%tNew Account Name:%t%1%n%tNew Domain:%t%2%n%tNew Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%nChanged Attributes:%n%tSam Account Name:%t%8%n%tSid History:%t%9%n.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_DELETED
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_DELETED
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B8 SymbolicName=SE_AUDITID_APP_QUERY_GROUP_DELETED Language=EnglishLDAP Query Group Deleted:%n%tTarget Account Name:%t%1%n%tTarget Domain:%t%2%n%tTarget Account ID:%t%3%n%tCaller User Name:%t%4%n%tCaller Domain:%t%5%n%tCaller Logon ID:%t%6%n%tPrivileges:%t%7%n.
;//
;//
;// SE_AUDITID_PASSWORD_POLICY_API_CALLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - Name of the account making this call
;// 2 - Domain of the account making this call
;// 3 - Authentication ID of the logon session
;// 4 - Caller Workstation IP
;// 5 - Target AccountName
;// 6 - Status Code
;//
MessageId=0x02B9 SymbolicName=SE_AUDITID_PASSWORD_POLICY_API_CALLED Language=EnglishPassword Policy Checking API is called:%n%tCaller Username:%t%1%n%tCaller Domain:%t%2%n%tCaller Logon ID:%t%3%n%tCaller Workstation:%t%4%n%tProvided User Name (unauthenticated):%t%5%n%tStatus Code:%t%6%n.
;//
;//
;// SE_AUDITID_DSRM_PASSWORD_SET
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - Name of the account making this call
;// 2 - Domain of the account making this call
;// 3 - Authentication ID of the logon session
;// 4 - Caller Workstation IP
;// 5 - Status code
;//
MessageId=0x02BA SymbolicName=SE_AUDITID_DSRM_PASSWORD_SET Language=EnglishAn attempt to set the Directory Services Restore Mode administrator password has been made.%n%tCaller Username:%t%1%n%tCaller Domain:%t%2%n%tCaller Logon ID:%t%3%n%tCaller Workstation:%t%4%n%tStatus Code:%t%5%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_DS_ACCESS //
;// //
;// Event IDs: //
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED //
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED //
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED //
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED //
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS //
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS //
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION //
;// SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN //
;// SE_AUDITID_REPLICA_FAILURE_EVENT_END //
;// SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVAL //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication source reference has been added to
;// a destination naming context establishing a replication partnership.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0340 SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tSource Addr:%t%3%n%tNaming Context:%t%4%n%tOptions:%t%5%n%tStatus Code:%t%6%n.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication partnership between a source and
;// the destination for a given naming context has been removed.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0341 SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_REMOVED Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tSource Addr:%t%3%n%tNaming Context:%t%4%n%tOptions:%t%5%n%tStatus Code:%t%6%n.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication source associated with
;// a destination naming context has been modified.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0342 SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tSource Addr:%t%3%n%tNaming Context:%t%4%n%tOptions:%t%5%n%tStatus Code:%t%6%n.
;//
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication destination associated with
;// a source naming context has been modified.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0343 SymbolicName=SE_AUDITID_REPLICA_DEST_NC_MODIFIED Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tDest. Addr:%t%3%n%tNaming Context:%t%4%n%tOptions:%t%5%n%tStatus Code:%t%6%n.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success
;//
;// Description:
;// This event records the start of a replication protocol session between
;// the destination replica NC and one of its source replicas.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0344 SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tNaming Context:%t%3%n%tOptions:%t%4%n%tSession ID:%t%5%n%tStart USN:%t%6%n.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records the end of a replication protocol session between
;// the destination replica NC and one of its source replicas.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0345 SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tNaming Context:%t%3%n%tOptions:%t%4%n%tSession ID:%t%5%n%tEnd USN:%t%6%n%tStatus Code:%t%7%n.
;//
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records the completion of replication of a single
;// attribute of an object.
;//
;// Note:
;// -- This event is always generated in the local system context.
;// -- This event is generated if
;// -- SE_CATEGID_DS_ACCESS is enabled AND
;// -- the value of
;// SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditDSObjectsInReplication
;// is set to 1
;//
MessageId=0x0346 SymbolicName=SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION Language=English%tSession ID:%t%1%n%tObject:%t%2%n%tAttribute:%t%3%n%tType of change:%t%4%n%tNew Value:%t%5%n%tUSN:%t%6%n%tStatus Code:%t%7%n.
;//
;// SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : failure
;//
;// Description:
;// This event records an inability to gather enough data to succesfully
;// record *before* one of the following replication events which were not
;// executed:
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0347 SymbolicName=SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN Language=English%tReplication Event:%t%1%n%tAudit Status Code:%t%2%n.
;//
;// SE_AUDITID_REPLICA_FAILURE_EVENT_END
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records an inability to gather enough data to succesfully
;// record *after* one of the following replication events which may or
;// may not have executed successfully:
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0348 SymbolicName=SE_AUDITID_REPLICA_FAILURE_EVENT_END Language=English%tReplication Event:%t%1%n%tAudit Status Code:%t%2%n%tReplication Status Code:%t%3%n.
;//
;// SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVAL
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records an attempt made by the replication lingering
;// object removal mechanism to delete and garbage collect an object.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0349 SymbolicName=SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVALv Language=English%tDestination DRA:%t%1%n%tSource DRA:%t%2%n%tObject:%t%3%n%tOptions:%t%4%n%tStatus Code:%t%5%n.
;�;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_ACCOUNT_LOGON //
;// //
;// Event IDs: //
;// SE_AUDITID_AS_TICKET //
;// SE_AUDITID_TGS_TICKET_REQUEST //
;// SE_AUDITID_TICKET_RENEW_SUCCESS //
;// SE_AUDITID_PREAUTH_FAILURE //
;// SE_AUDITID_TGS_TICKET_FAILURE //
;// SE_AUDITID_ACCOUNT_MAPPED //
;// SE_AUDITID_ACCOUNT_LOGON //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_AS_TICKET
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Supplied realm name
;//
;// 3 - SID of client user
;//
;// 4 - User name of service
;//
;// 5 - SID of service
;//
;// 6 - Ticket Options
;//
;// 7 - Failure code
;//
;// 8 - Ticket Encryption Type
;//
;// 9 - Preauthentication type (i.e. PK_INIT)
;//
;// 10 - Client IP address
;//
;// 11 - Certificate Issuer Name
;//
;// 12 - Certificate Serial Number
;//
;// 13 - Certificate Thumbprint
;//
MessageId=0x02a0 SymbolicName=SE_AUDITID_AS_TICKET Language=EnglishAuthentication Ticket Request:%n%tUser Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%tTicket Options:%t%t%6%n%tResult Code:%t%t%7%n%tTicket Encryption Type:%t%8%n%tPre-Authentication Type:%t%9%n%tClient Address:%t%t%10%n%tCertificate Issuer Name:%t%11%n%tCertificate Serial Number:%t%12%n%tCertificate Thumbprint:%t%13%n.
;//
;//
;// SE_AUDITID_AS_TICKET_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;//
MessageId=0x02a4 SymbolicName=SE_AUDITID_AS_TICKET_FAILURE Language=EnglishAuthentication Ticket Request Failed:%n%tUser Name:%t%1%n%tSupplied Realm Name:%t%2%n%tService Name:%t%3%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%tClient Address:%t%6%n.
;//
;//
;// SE_AUDITID_TGS_TICKET_REQUEST
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Domain name of client
;//
;// 3 - User name of service
;//
;// 4 - SID of service
;//
;// 5 - Ticket Options
;//
;// 6 - Ticket Encryption Type
;//
;// 7 - Client IP address
;//
;// 8 - Failure code (0 for success)
;//
;// 9 - logon GUID
;//
;// 10 - Transited Services
;//
MessageId=0x02a1 SymbolicName=SE_AUDITID_TGS_TICKET_REQUEST Language=EnglishService Ticket Request:%n%tUser Name:%t%t%1%n%tUser Domain:%t%t%2%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%tTicket Options:%t%t%5%n%tTicket Encryption Type:%t%6%n%tClient Address:%t%t%7%n%tFailure Code:%t%t%8%n%tLogon GUID:%t%t%9%n%tTransited Services:%t%10%n.
;//
;//
;// SE_AUDITID_TICKET_RENEW_SUCCESS
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Domain name of client
;//
;// 3 - User name of service
;//
;// 4 - SID of service
;//
;// 5 - Ticket Options
;//
;// 6 - Ticket Encryption Type
;//
;// 7 - Client IP address
;//
MessageId=0x02a2 SymbolicName=SE_AUDITID_TICKET_RENEW_SUCCESS Language=EnglishService Ticket Renewed:%n%tUser Name:%t%1%n%tUser Domain:%t%2%n%tService Name:%t%3%n%tService ID:%t%4%n%tTicket Options:%t%5%n%tTicket Encryption Type:%t%6%n%tClient Address:%t%7%n.
;//
;//
;// SE_AUDITID_PREAUTH_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - SID of client user
;//
;// 3 - User name of service
;//
;// 4 - Preauth Type
;//
;// 5 - Failure code
;//
;// 6 - Client IP address
;//
;// Event type: failure
;// Description: This event is generated on a KDC when
;// preauthentication fails (user types in wrong password).
;//
MessageId=0x02a3 SymbolicName=SE_AUDITID_PREAUTH_FAILURE Language=EnglishPre-authentication failed:%n%tUser Name:%t%1%n%tUser ID:%t%t%2%n%tService Name:%t%3%n%tPre-Authentication Type:%t%4%n%tFailure Code:%t%5%n%tClient Address:%t%6%n.
;//
;//
;// SE_AUDITID_TGS_TICKET_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
MessageId=0x02a5 SymbolicName=SE_AUDITID_TGS_TICKET_FAILURE Language=EnglishService Ticket Request Failed:%n%tUser Name:%t%1%n%tUser Domain:%t%2%n%tService Name:%t%3%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%tClient Address:%t%6%n.
;//
;//
;// SE_AUDITID_ACCOUNT_MAPPED
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Type: success / failure
;//
;// Description: An account mapping is a map of a user authenticated in an MIT realm to a
;// domain account. A mapping acts much like a logon. Hence, it is important to audit this.
;//
;// Parameter Strings -
;//
;// 1 - Source
;//
;// 2 - Client Name
;//
;// 3 - Mapped Name
;//
;//
;//
MessageId=0x02a6 SymbolicName=SE_AUDITID_ACCOUNT_MAPPED Language=EnglishAccount Mapped for Logon.%nMapping Attempted By:%n %t%1%nClient Name:%n%t%2%n%tMapped Name:%n%t%3%n.
;//
;//
;// SE_AUDITID_ACCOUNT_NOT_MAPPED
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;// Parameter Strings -
;//
MessageId=0x02a7 SymbolicName=SE_AUDITID_ACCOUNT_NOT_MAPPED Language=EnglishThe name:%n%t%2%ncould not be mapped for logon by:%t%1%n.
;//
;//
;// SE_AUDITID_ACCOUNT_LOGON
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Type: Success / Failure
;//
;// Description: This audits a logon attempt. The audit appears on the DC.
;// This is generated by calling LogonUser.
;//
;//
MessageId=0x02a8 SymbolicName=SE_AUDITID_ACCOUNT_LOGON Language=EnglishLogon attempt by:%t%1%nLogon account:%t%2%nSource Workstation:%t%3%nError Code:%t%4%n.
;//
;//
;// SE_AUDITID_ACCOUNT_LOGON_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;//
MessageId=0x02a9 SymbolicName=SE_AUDITID_ACCOUNT_LOGON_FAILURE Language=EnglishThe logon to account: %2%nby: %1%nfrom workstation: %3%nfailed. The error code was: %4%n.
;//
;//
;// SE_AUDITID_SESSION_RECONNECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Session Name
;//
;// 5 - Client Name
;//
;// 6 - Client Address
;//
;//
MessageId=0x02aa SymbolicName=SE_AUDITID_SESSION_RECONNECTED Language=EnglishSession reconnected to winstation:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tSession Name:%t%4%n%tClient Name:%t%5%n%tClient Address:%t%6.
;//
;//
;// SE_AUDITID_SESSION_DISCONNECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Session Name
;//
;// 5 - Client Name
;//
;// 6 - Client Address
;//
;//
MessageId=0x02ab SymbolicName=SE_AUDITID_SESSION_DISCONNECTED Language=EnglishSession disconnected from winstation:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%t%3%n%tSession Name:%t%4%n%tClient Name:%t%5%n%tClient Address:%t%6.
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_OBJECT_ACCESS - CertSrv //
;// //
;// Event IDs: //
;// SE_AUDITID_CERTSRV_DENYREQUEST //
;// SE_AUDITID_CERTSRV_RESUBMITREQUEST //
;// SE_AUDITID_CERTSRV_REVOKECERT //
;// SE_AUDITID_CERTSRV_PUBLISHCRL //
;// SE_AUDITID_CERTSRV_AUTOPUBLISHCRL //
;// SE_AUDITID_CERTSRV_SETEXTENSION //
;// SE_AUDITID_CERTSRV_SETATTRIBUTES //
;// SE_AUDITID_CERTSRV_SHUTDOWN //
;// SE_AUDITID_CERTSRV_BACKUPSTART //
;// SE_AUDITID_CERTSRV_BACKUPEND //
;// SE_AUDITID_CERTSRV_RESTORESTART //
;// SE_AUDITID_CERTSRV_RESTOREEND //
;// SE_AUDITID_CERTSRV_SERVICESTART //
;// SE_AUDITID_CERTSRV_SERVICESTOP //
;// SE_AUDITID_CERTSRV_SETSECURITY //
;// SE_AUDITID_CERTSRV_GETARCHIVEDKEY //
;// SE_AUDITID_CERTSRV_IMPORTCERT //
;// SE_AUDITID_CERTSRV_SETAUDITFILTER //
;// SE_AUDITID_CERTSRV_NEWREQUEST //
;// SE_AUDITID_CERTSRV_REQUESTAPPROVED //
;// SE_AUDITID_CERTSRV_REQUESTDENIED //
;// SE_AUDITID_CERTSRV_REQUESTPENDING //
;// SE_AUDITID_CERTSRV_SETOFFICERRIGHTS //
;// SE_AUDITID_CERTSRV_SETCONFIGENTRY //
;// SE_AUDITID_CERTSRV_SETCAPROPERTY //
;// SE_AUDITID_CERTSRV_KEYARCHIVED //
;// SE_AUDITID_CERTSRV_IMPORTKEY //
;// SE_AUDITID_CERTSRV_PUBLISHCERT //
;// SE_AUDITID_CERTSRV_DELETEROW //
;// SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_CERTSRV_DENYREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0304 SymbolicName=SE_AUDITID_CERTSRV_DENYREQUEST Language=EnglishThe certificate manager denied a pending certificate request.%n%nRequest ID:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_RESUBMITREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0305 SymbolicName=SE_AUDITID_CERTSRV_RESUBMITREQUEST Language=EnglishCertificate Services received a resubmitted certificate request.%n%nRequest ID:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_REVOKECERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Serial No.
;//
;// 2 - Reason
;//
;//
MessageId=0x0306 SymbolicName=SE_AUDITID_CERTSRV_REVOKECERT Language=EnglishCertificate Services revoked a certificate.%n%nSerial No:%t%1%nReason:%t%2.
;//
;//
;// SE_AUDITID_CERTSRV_PUBLISHCRL
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Next Update
;//
;// 2 - Publish Base
;//
;// 3 - Publish Delta
;//
;//
MessageId=0x0307 SymbolicName=SE_AUDITID_CERTSRV_PUBLISHCRL Language=EnglishCertificate Services received a request to publish the certificate revocation list (CRL).%n%nNext Update:%t%1%nPublish Base:%t%2%nPublish Delta:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_AUTOPUBLISHCRL
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Base CRL
;//
;// 2 - CRL No.
;//
;// 3 - Key Container
;//
;// 4 - Next Publish
;//
;// 5 - Publish URLs
;//
;//
MessageId=0x0308 SymbolicName=SE_AUDITID_CERTSRV_AUTOPUBLISHCRL Language=EnglishCertificate Services published the certificate revocation list (CRL).%n%nBase CRL:%t%1%nCRL No:%t%t%2%nKey Container:%t%3%nNext Publish:%t%4%nPublish URLs:%t%5.
;//
;//
;// SE_AUDITID_CERTSRV_SETEXTENSION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Extension Name
;//
;// 3 - Extension Type
;//
;// 4 - Flags
;//
;// 5 - Extension Data
;//
;//
MessageId=0x0309 SymbolicName=SE_AUDITID_CERTSRV_SETEXTENSION Language=EnglishA certificate request extension changed.%n%nRequest ID:%t%1%nName:%t%2%nType:%t%3%nFlags:%t%4%nData:%t%5.
;//
;//
;// SE_AUDITID_CERTSRV_SETATTRIBUTES
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Attributes
;//
;//
MessageId=0x030a SymbolicName=SE_AUDITID_CERTSRV_SETATTRIBUTES Language=EnglishOne or more certificate request attributes changed.%n%nRequest ID:%t%1%nAttributes:%t%2.
;//
;//
;// SE_AUDITID_CERTSRV_SHUTDOWN
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030b SymbolicName=SE_AUDITID_CERTSRV_SHUTDOWN Language=EnglishCertificate Services received a request to shut down..
;//
;//
;// SE_AUDITID_CERTSRV_BACKUPSTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Backup Type
;//
;//
MessageId=0x030c SymbolicName=SE_AUDITID_CERTSRV_BACKUPSTART Language=EnglishCertificate Services backup started.%nBackup Type:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_BACKUPEND
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030d SymbolicName=SE_AUDITID_CERTSRV_BACKUPEND Language=EnglishCertificate Services backup completed..
;//
;//
;// SE_AUDITID_CERTSRV_RESTORESTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030e SymbolicName=SE_AUDITID_CERTSRV_RESTORESTART Language=English Certificate Services restore started..
;//
;//
;// SE_AUDITID_CERTSRV_RESTOREEND
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030f SymbolicName=SE_AUDITID_CERTSRV_RESTOREEND Language=EnglishCertificate Services restore completed..
;//
;//
;// SE_AUDITID_CERTSRV_SERVICESTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Database Hash
;//
;// 2 - Private Key Usage Count
;//
;// 3 - CA Certificate Hash
;//
;// 4 - CA Public Key Hash
;//
;//
MessageId=0x0310 SymbolicName=SE_AUDITID_CERTSRV_SERVICESTART Language=EnglishCertificate Services started.%n%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4.
;//
;//
;// SE_AUDITID_CERTSRV_SERVICESTOP
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Database Hash
;//
;// 2 - Private Key Usage Count
;//
;// 3 - CA Certificate Hash
;//
;// 4 - CA Public Key Hash
;//
;//
MessageId=0x0311 SymbolicName=SE_AUDITID_CERTSRV_SERVICESTOP Language=EnglishCertificate Services stopped.%n%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4.
;//
;//
;// SE_AUDITID_CERTSRV_SETSECURITY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - New permissions
;//
;//
MessageId=0x0312 SymbolicName=SE_AUDITID_CERTSRV_SETSECURITY Language=EnglishThe security permissions for Certificate Services changed.%n%n%1.
;//
;//
;// SE_AUDITID_CERTSRV_GETARCHIVEDKEY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0313 SymbolicName=SE_AUDITID_CERTSRV_GETARCHIVEDKEY Language=EnglishCertificate Services retrieved an archived key.%n%nRequest ID:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_IMPORTCERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate
;//
;// 2 - Request ID
;//
;//
MessageId=0x0314 SymbolicName=SE_AUDITID_CERTSRV_IMPORTCERT Language=EnglishCertificate Services imported a certificate into its database.%n%nCertificate:%t%1%nRequest ID:%t%2.
;//
;//
;// SE_AUDITID_CERTSRV_SETAUDITFILTER
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
;//
MessageId=0x0315 SymbolicName=SE_AUDITID_CERTSRV_SETAUDITFILTER Language=EnglishThe audit filter for Certificate Services changed.%n%nFilter:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_NEWREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;//
MessageId=0x0316 SymbolicName=SE_AUDITID_CERTSRV_NEWREQUEST Language=EnglishCertificate Services received a certificate request.%n%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTAPPROVED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0317 SymbolicName=SE_AUDITID_CERTSRV_REQUESTAPPROVED Language=EnglishCertificate Services approved a certificate request and issued a certificate.%n%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTDENIED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0318 SymbolicName=SE_AUDITID_CERTSRV_REQUESTDENIED Language=EnglishCertificate Services denied a certificate request.%n%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTPENDING
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0319 SymbolicName=SE_AUDITID_CERTSRV_REQUESTPENDING Language=EnglishCertificate Services set the status of a certificate request to pending.%n%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6.
;//
;//
;// SE_AUDITID_CERTSRV_SETOFFICERRIGHTS
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Enable restrictions
;//
;// 2 - Restrictions
;//
;//
MessageId=0x031a SymbolicName=SE_AUDITID_CERTSRV_SETOFFICERRIGHTS Language=EnglishThe certificate manager settings for Certificate Services changed.%n%nEnable:%t%1%n%n%2.
;//
;//
;// SE_AUDITID_CERTSRV_SETCONFIGENTRY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Node
;//
;// 2 - Entry
;//
;// 3 - Value
;//
;//
MessageId=0x031b SymbolicName=SE_AUDITID_CERTSRV_SETCONFIGENTRY Language=EnglishA configuration entry changed in Certificate Services.%n%nNode:%t%1%nEntry:%t%2%nValue:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_SETCAPROPERTY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Property
;//
;// 2 - Index
;//
;// 3 - Type
;//
;// 4 - Value
;//
;//
MessageId=0x031c SymbolicName=SE_AUDITID_CERTSRV_SETCAPROPERTY Language=EnglishA property of Certificate Services changed.%n%nProperty:%t%1%nIndex:%t%2%nType:%t%3%nValue:%t%4.
;//
;//
;// SE_AUDITID_CERTSRV_KEYARCHIVED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - KRA Hashes
;//
;//
MessageId=0x031d SymbolicName=SE_AUDITID_CERTSRV_KEYARCHIVED Language=EnglishCertificate Services archived a key.%n%nRequest ID:%t%1%nRequester:%t%2%nKRA Hashes:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_IMPORTKEY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x031e SymbolicName=SE_AUDITID_CERTSRV_IMPORTKEY Language=EnglishCertificate Services imported and archived a key.%n%nRequest ID:%t%1.
;//
;//
;// SE_AUDITID_CERTSRV_PUBLISHCACERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Hash
;//
;// 2 - Valid From
;//
;// 3 - Valid To
;//
;//
MessageId=0x031f SymbolicName=SE_AUDITID_CERTSRV_PUBLISHCACERT Language=EnglishCertificate Services published the CA certificate to Active Directory.%n%nCertificate Hash:%t%1%nValid From:%t%2%nValid To:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_DELETEROW
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Table ID
;//
;// 2 - Filter
;//
;// 3 - Rows Deleted
;//
;//
MessageId=0x0320 SymbolicName=SE_AUDITID_CERTSRV_DELETEROW Language=EnglishOne or more rows have been deleted from the certificate database.%n%nTable ID:%t%1%nFilter:%t%2%nRows Deleted:%t%3.
;//
;//
;// SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Role separation state
;//
;//
MessageId=0x0321 SymbolicName=SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE Language=EnglishRole separation enabled:%t%1.
;/*lint +e767 */ // Resume checking for different macro definitions // winnt
;;;#endif // _MSAUDITE_
|
