
;/*++ BUILD Version: 0001 // Increment this if a change has global effects
;
;Copyright (c) 1991 Microsoft Corporation
;
;Module Name:
;
; msaudite.mc
;
;Abstract:
;
; Constant definitions for the NT Audit Event Messages.
;
;Author:
;
; Jim Kelly (JimK) 30-Mar-1992
;
;Revision History:
;
;Notes:
;
; The .h and .res forms of this file are generated from the .mc
; form of the file (base\seaudit\msaudite\msaudite.mc).
; Please make all changes to the .mc form of the file.
;
; If you add a new audit category or make any change to the
; audit event id valid limits (0x200 ~ 0x5ff), please make a
; corresponding change to ntlsa.h
;
;--*/
;
;#ifndef _MSAUDITE_
;#define _MSAUDITE_
;
;/*lint -e767 */ // Don't complain about different definitions // winnt
MessageIdTypedef=ULONG
SeverityNames=(None=0x0)
FacilityNames=(None=0x0)
MessageId=0x0000
Language=English
Unused message ID
.
;// Message ID 0 is unused - just used to flush out the diagram
;//
;// min/max limits on audit category-id and event-id of audit events
;//
;
;#define SE_ADT_MIN_CATEGORY_ID 1 // SE_CATEGID_SYSTEM
;#define SE_ADT_MAX_CATEGORY_ID 9 // SE_CATEGID_ACCOUNT_LOGON
;
;
;#define SE_ADT_MIN_AUDIT_ID 0x200 // see msaudite.h
;#define SE_ADT_MAX_AUDIT_ID 0x5ff // see msaudite.h
;///////////////////////////////////////////////////////////////////////////
;///////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Audit Message ID Space: //
;// //
;// 0x0000 - 0x00FF : Reserved for future use. //
;// //
;// 0x0100 - 0x01FF : Categories //
;// //
;// 0x0200 - 0x05FF : Events //
;// //
;// 0x0600 - 0x063F : Standard access types and names for //
;// specific accesses when no specific names //
;// can be found. //
;// //
;// 0x0640 - 0x06FF : Well known privilege names (as we would //
;// like them displayed in the event viewer). //
;// //
;// 0x0700 - 0x0FFE : Reserved for future use. //
;// //
;// 0X0FFF : SE_ADT_LAST_SYSTEM_MESSAGE (the highest //
;// value audit message used by the system) //
;// //
;// //
;// 0x1000 and above: For use by Parameter Message Files //
;// //
;///////////////////////////////////////////////////////////////////////////
;///////////////////////////////////////////////////////////////////////////
MessageId=0x0FFF
SymbolicName=SE_ADT_LAST_SYSTEM_MESSAGE
Language=English
Highest System-Defined Audit Message Value.
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// CATEGORIES //
;// //
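;// Categories take up the range 0x1 - 0x400 //
;// NOTE(review): the category IDs defined below are 0x0001 - 0x0009 //
;// (SE_ADT_MIN_CATEGORY_ID / SE_ADT_MAX_CATEGORY_ID are 1 and 9), and the //
;// ID-space table above lists 0x0100 - 0x01FF for categories; confirm //
;// which range is intended. //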
;// //
;// Category IDs: //
;// //
;// SE_CATEGID_SYSTEM //
;// SE_CATEGID_LOGON //
;// SE_CATEGID_OBJECT_ACCESS //
;// SE_CATEGID_PRIVILEGE_USE //
;// SE_CATEGID_DETAILED_TRACKING //
;// SE_CATEGID_POLICY_CHANGE //
;// SE_CATEGID_ACCOUNT_MANAGEMENT //
;// SE_CATEGID_DS_ACCESS //
;// SE_CATEGID_ACCOUNT_LOGON //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
MessageId=0x0001
SymbolicName=SE_CATEGID_SYSTEM
Language=English
System Event
.
MessageId=0x0002
SymbolicName=SE_CATEGID_LOGON
Language=English
Logon/Logoff
.
MessageId=0x0003
SymbolicName=SE_CATEGID_OBJECT_ACCESS
Language=English
Object Access
.
MessageId=0x0004
SymbolicName=SE_CATEGID_PRIVILEGE_USE
Language=English
Privilege Use
.
MessageId=0x0005
SymbolicName=SE_CATEGID_DETAILED_TRACKING
Language=English
Detailed Tracking
.
MessageId=0x0006
SymbolicName=SE_CATEGID_POLICY_CHANGE
Language=English
Policy Change
.
MessageId=0x0007
SymbolicName=SE_CATEGID_ACCOUNT_MANAGEMENT
Language=English
Account Management
.
MessageId=0x0008
SymbolicName=SE_CATEGID_DS_ACCESS
Language=English
Directory Service Access
.
MessageId=0x0009
SymbolicName=SE_CATEGID_ACCOUNT_LOGON
Language=English
Account Logon
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_SYSTEM //
;// //
;// Event IDs: //
;// SE_AUDITID_SYSTEM_RESTART //
;// SE_AUDITID_SYSTEM_SHUTDOWN //
;// SE_AUDITID_AUTH_PACKAGE_LOAD //
;// SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER //
;// SE_AUDITID_AUDITS_DISCARDED //
;// SE_AUDITID_AUDIT_LOG_CLEARED //
;// SE_AUDITID_NOTIFY_PACKAGE_LOAD //
;// SE_AUDITID_LPC_INVALID_USE //
;// SE_AUDITID_SYSTEM_TIME_CHANGE //
;// SE_AUDITID_UNABLE_TO_LOG_EVENTS //
;// SE_AUDITID_AUDIT_COLLECTION_AGENT_ERROR //
;// SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL //
;// SE_AUDITID_EVENT_LOG_AUTOBACKUP //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_SYSTEM_RESTART
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings - None
;//
;//
;//
MessageId=0x0200
SymbolicName=SE_AUDITID_SYSTEM_RESTART
Language=English
Windows is starting up.
.
;//
;//
;// SE_AUDITID_SYSTEM_SHUTDOWN
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings - None
;//
;//
;//
MessageId=0x0201
SymbolicName=SE_AUDITID_SYSTEM_SHUTDOWN
Language=English
Windows is shutting down.
All logon sessions will be terminated by this shutdown.
.
;//
;//
;// SE_AUDITID_AUTH_PACKAGE_LOAD
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Authentication Package Name
;//
;//
;//
MessageId=0x0202
SymbolicName=SE_AUDITID_AUTH_PACKAGE_LOAD
Language=English
An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.
%n
Authentication Package Name:%t%1
.
;//
;//
;// SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Logon Process Name
;//
;//
;//
MessageId=0x0203
SymbolicName=SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER
Language=English
A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.
%n
%n
Logon Process Name:%t%1
.
;//
;//
;// SE_AUDITID_AUDITS_DISCARDED
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Number of audits discarded
;//
;//
;//
MessageId=0x0204
SymbolicName=SE_AUDITID_AUDITS_DISCARDED
Language=English
Internal resources allocated for the queuing of audit messages have been exhausted,
leading to the loss of some audits.
%n
%tNumber of audit messages discarded:%t%1
.
;//
;//
;// SE_AUDITID_AUDIT_LOG_CLEARED
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Primary user account name
;//
;// 2 - Primary authenticating domain name
;//
;// 3 - Primary logon ID string
;//
;// 4 - Client user account name ("-" if no client)
;//
;// 5 - Client authenticating domain name ("-" if no client)
;//
;// 6 - Client logon ID string ("-" if no client)
;//
;//
;//
MessageId=0x0205
SymbolicName=SE_AUDITID_AUDIT_LOG_CLEARED
Language=English
The audit log was cleared
%n
%tPrimary User Name:%t%1%n
%tPrimary Domain:%t%2%n
%tPrimary Logon ID:%t%3%n
%tClient User Name:%t%4%n
%tClient Domain:%t%5%n
%tClient Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_NOTIFY_PACKAGE_LOAD
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Notification Package Name
;//
;//
;//
MessageId=0x0206
SymbolicName=SE_AUDITID_NOTIFY_PACKAGE_LOAD
Language=English
An notification package has been loaded by the Security Account Manager.
This package will be notified of any account or password changes.
%n
Notification Package Name:%t%1
.
;//
;//
;// SE_AUDITID_LPC_INVALID_USE
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - Process ID
;//
;// 2 - Image file name
;//
;// 3 - Primary user account name
;//
;// 4 - Primary authenticating domain name
;//
;// 5 - Primary logon ID string
;//
;// 6 - Client user account name
;//
;// 7 - Client authenticating domain name
;//
;// 8 - Client logon ID string
;//
;// 9 - Invalid use; presumably the LPC call kind
;// (e.g. "impersonation" | "reply") - confirm against the caller
;//
;// 10 - Server Port name
;//
;// Event type: success
;//
;// Description:
;// SE_AUDITID_LPC_INVALID_USE is generated when a process uses an invalid LPC
;// port in an attempt to impersonate a client, reply or read/write from/to a client address space.
;//
MessageId=0x0207
SymbolicName=SE_AUDITID_LPC_INVALID_USE
Language=English
Invalid use of LPC port.%n
%tProcess ID: %1%n
%tImage File Name: %2%n
%tPrimary User Name:%t%3%n
%tPrimary Domain:%t%4%n
%tPrimary Logon ID:%t%5%n
%tClient User Name:%t%6%n
%tClient Domain:%t%7%n
%tClient Logon ID:%t%8%n
%tInvalid use: %9%n
%tServer Port Name:%t%10%n
.
;//
;//
;// SE_AUDITID_SYSTEM_TIME_CHANGE
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - Process ID
;//
;// 2 - Process name
;//
;// 3 - Primary user account name
;//
;// 4 - Primary authenticating domain name
;//
;// 5 - Primary logon ID string
;//
;// 6 - Client user account name
;//
;// 7 - Client authenticating domain name
;//
;// 8 - Client logon ID string
;//
;// 9, 10 - Previous time, supplied in two parts and displayed in the
;// order 10 then 9 (presumably date and time of day - confirm
;// against the caller)
;//
;// 11, 12 - New time, supplied in two parts and displayed in the
;// order 12 then 11
;//
;// Type: success
;//
;// Description: This event is generated when the system time is changed.
;//
;// Note: This will often appear twice in the audit log; this is an implementation
;// detail wherein changing the system time results in two calls to NtSetSystemTime.
;// This is necessary to deal with time zone changes.
;//
;//
MessageId=0x0208
SymbolicName=SE_AUDITID_SYSTEM_TIME_CHANGE
Language=English
The system time was changed.%n
Process ID:%t%t%1%n
Process Name:%t%t%2%n
Primary User Name:%t%3%n
Primary Domain:%t%t%4%n
Primary Logon ID:%t%t%5%n
Client User Name:%t%t%6%n
Client Domain:%t%t%7%n
Client Logon ID:%t%t%8%n
Previous Time:%t%t%10 %9%n
New Time:%t%t%12 %11%n
.
;//
;//
;// SE_AUDITID_UNABLE_TO_LOG_EVENTS
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: failure
;//
;// Description:
;// This event is generated when the system is not able to log
;// security audit events.
;//
;// Parameters:
;// 1 : Win32 error code
;//
;// 2 : value of the key System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
;// 0 --> CrashOnAuditFail is not set
;// 1 --> system will crash if not able to log audit events
;// 2 --> system has rebooted after such a crash and will allow
;// only admins to logon
;//
;//
MessageId=0x0209
SymbolicName=SE_AUDITID_UNABLE_TO_LOG_EVENTS
Language=English
Unable to log events to security log:%n
%tStatus code:%t%t%1%n
%tValue of CrashOnAuditFail:%t%2%n
.
;//
;//
;// SE_AUDITID_AUDIT_COLLECTION_AGENT_ERROR
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: failure
;//
;// Description:
;// This event is generated when AdtAgent/AdtServer
;// encounter an error.
;//
;// Parameters:
;// 1 : Component (AdtAgent, AdtServer, etc.)
;// 2 : Version of the component
;// 3 : Win32 error
;//
MessageId=0x020A
SymbolicName=SE_AUDITID_AUDIT_COLLECTION_AGENT_ERROR
Language=English
The audit collection system has encountered an error.%n
%tComponent:%t%1%n
%tVersion:%t%2%n
%tStatus code:%t%3%n
.
;//
;//
;// SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Parameter Strings -
;//
;// 1 - Percent Full
;//
;// Description: This event is generated when the security log exceeds a certain
;// percent full. That percent is controlled by the registry value named
;// "WarningLevel" which is stored in the security subkey of the eventlog.
;//
;//
MessageId=0x020b
SymbolicName=SE_AUDITID_SECURITY_LOG_EXCEEDS_WARNING_LEVEL
Language=English
The security log is now %1 percent full.
.
;//
;//
;// SE_AUDITID_EVENT_LOG_AUTOBACKUP
;//
;// Category: SE_CATEGID_SYSTEM
;//
;// Type: success/failure
;//
;// Description:
;// This event is generated when the eventlog service automatically
;// backs-up the security log.
;//
;// Parameters:
;// 1 : Type of log (for example, 'Security')
;// 2 : Full path to the backed-up copy
;// 3 : Win32 error (0 ==> success)
;//
MessageId=0x20c
SymbolicName=SE_AUDITID_EVENT_LOG_AUTOBACKUP
Language=English
Event log auto-backup%n
%tLog:%t%1%n
%tFile:%t%2%n
%tStatus:%t%3%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_LOGON //
;// //
;// Event IDs: //
;// SE_AUDITID_SUCCESSFUL_LOGON //
;// SE_AUDITID_UNKNOWN_USER_OR_PWD //
;// SE_AUDITID_ACCOUNT_TIME_RESTR //
;// SE_AUDITID_ACCOUNT_DISABLED //
;// SE_AUDITID_ACCOUNT_EXPIRED //
;// SE_AUDITID_WORKSTATION_RESTR //
;// SE_AUDITID_LOGON_TYPE_RESTR //
;// SE_AUDITID_PASSWORD_EXPIRED //
;// SE_AUDITID_NETLOGON_NOT_STARTED //
;// SE_AUDITID_UNSUCCESSFUL_LOGON //
;// SE_AUDITID_LOGOFF //
;// SE_AUDITID_ACCOUNT_LOCKED //
;// SE_AUDITID_NETWORK_LOGON //
;// SE_AUDITID_IPSEC_LOGON_SUCCESS //
;// SE_AUDITID_IPSEC_LOGOFF_MM //
;// SE_AUDITID_IPSEC_LOGOFF_QM //
;// SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUST //
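;// SE_AUDITID_IPSEC_AUTH_FAIL //
;// SE_AUDITID_IPSEC_ATTRIB_FAIL //
;// SE_AUDITID_IPSEC_NEGOTIATION_FAIL //
;// SE_AUDITID_IPSEC_IKE_NOTIFICATION //
;// SE_AUDITID_DOMAIN_TRUST_INCONSISTENT //
;// SE_AUDITID_ALL_SIDS_FILTERED //
;// SE_AUDITID_BEGIN_LOGOFF //
;// SE_AUDITID_LOGON_USING_EXPLICIT_CREDENTIALS //
;// SE_AUDITID_AUTH_REPLAY_DETECTED //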
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_SUCCESSFUL_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Logon Type string
;//
;// 5 - Logon process name
;//
;// 6 - Authentication package name
;//
;// 7 - Workstation from which logon request came
;//
;// 8 - Globally unique logon ID
;//
;// 9 - Caller user account name
;//
;// 10 - Caller domain name
;//
;// 11 - Caller logon ID string
;//
;// 12 - Caller process ID
;//
;// 13 - Transited services
;//
;// 14 - Source network address
;//
;// 15 - Source port
;//
;//
MessageId=0x0210
SymbolicName=SE_AUDITID_SUCCESSFUL_LOGON
Language=English
Successful Logon:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tLogon Type:%t%4%n
%tLogon Process:%t%5%n
%tAuthentication Package:%t%6%n
%tWorkstation Name:%t%7%n
%tLogon GUID:%t%8%n
%tCaller User Name:%t%9%n
%tCaller Domain:%t%10%n
%tCaller Logon ID:%t%11%n
%tCaller Process ID: %12%n
%tTransited Services: %13%n
%tSource Network Address:%t%14%n
%tSource Port:%t%15%n
.
;//
;//
;// SE_AUDITID_UNKNOWN_USER_OR_PWD
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;// 6 - Workstation name
;//
;// 7 - Caller user account name
;//
;// 8 - Caller domain name
;//
;// 9 - Caller logon ID string
;//
;// 10 - Caller process ID
;//
;// 11 - Transited services
;//
;// 12 - Source network address
;//
;// 13 - Source port
;//
;// The message texts of SE_AUDITID_ACCOUNT_TIME_RESTR, SE_AUDITID_ACCOUNT_DISABLED,
;// SE_AUDITID_ACCOUNT_EXPIRED, SE_AUDITID_WORKSTATION_RESTR,
;// SE_AUDITID_LOGON_TYPE_RESTR, SE_AUDITID_PASSWORD_EXPIRED,
;// SE_AUDITID_NETLOGON_NOT_STARTED and SE_AUDITID_ACCOUNT_LOCKED use the same
;// 13-parameter layout; their headers list only parameters 1 - 5.
;// SE_AUDITID_UNSUCCESSFUL_LOGON differs: it inserts status and substatus
;// codes as parameters 7 and 8 and so has 15 parameters.
;//
;//
MessageId=0x0211
SymbolicName=SE_AUDITID_UNKNOWN_USER_OR_PWD
Language=English
Logon Failure:%n
%tReason:%t%tUnknown user name or bad password%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_TIME_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0212
SymbolicName=SE_AUDITID_ACCOUNT_TIME_RESTR
Language=English
Logon Failure:%n
%tReason:%t%tAccount logon time restriction violation%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_DISABLED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0213
SymbolicName=SE_AUDITID_ACCOUNT_DISABLED
Language=English
Logon Failure:%n
%tReason:%t%tAccount currently disabled%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_EXPIRED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0214
SymbolicName=SE_AUDITID_ACCOUNT_EXPIRED
Language=English
Logon Failure:%n
%tReason:%t%tThe specified user account has expired%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_WORKSTATION_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0215
SymbolicName=SE_AUDITID_WORKSTATION_RESTR
Language=English
Logon Failure:%n
%tReason:%t%tUser not allowed to logon at this computer%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_LOGON_TYPE_RESTR
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0216
SymbolicName=SE_AUDITID_LOGON_TYPE_RESTR
Language=English
Logon Failure:%n
%tReason:%tThe user has not been granted the requested%n
%t%tlogon type at this machine%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_PASSWORD_EXPIRED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0217
SymbolicName=SE_AUDITID_PASSWORD_EXPIRED
Language=English
Logon Failure:%n
%tReason:%t%tThe specified account's password has expired%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_NETLOGON_NOT_STARTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x0218
SymbolicName=SE_AUDITID_NETLOGON_NOT_STARTED
Language=English
Logon Failure:%n
%tReason:%t%tThe NetLogon component is not active%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID:%t%10%n
%tTransited Services:%t%11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_UNSUCCESSFUL_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;// 6 - Workstation name
;//
;// 7 - Status code
;//
;// 8 - Substatus code
;//
;// 9 - Caller user account name
;//
;// 10 - Caller domain name
;//
;// 11 - Caller logon ID string
;//
;// 12 - Caller process ID
;//
;// 13 - Transited services
;//
;// 14 - Source network address
;//
;// 15 - Source port
;//
;// Unlike the other "Logon Failure" messages in this category, parameters 7
;// and 8 carry the status codes, so the caller and source fields are shifted
;// by two positions; anything that reads fields by index must account for it.
;//
;//
MessageId=0x0219
SymbolicName=SE_AUDITID_UNSUCCESSFUL_LOGON
Language=English
Logon Failure:%n
%tReason:%t%tAn error occurred during logon%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tStatus code:%t%7%n
%tSubstatus code:%t%8%n
%tCaller User Name:%t%9%n
%tCaller Domain:%t%10%n
%tCaller Logon ID:%t%11%n
%tCaller Process ID:%t%12%n
%tTransited Services:%t%13%n
%tSource Network Address:%t%14%n
%tSource Port:%t%15%n
.
;//
;//
;// SE_AUDITID_LOGOFF
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when the logoff process is complete,
;// A logoff is considered complete when the associated logon session object
;// is deleted.
;//
;// Notes:
;// A logon session object is deleted only after all tokens
;// associated with it are closed. This can take arbitrarily long time.
;// Because of this, the time difference between SE_AUDITID_SUCCESSFUL_LOGON
;// and SE_AUDITID_LOGOFF does not accurately indicate the total logon duration
;// for a user. To calculate the logon duration, use the SE_AUDITID_BEGIN_LOGOFF
;// time instead.
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Logon Type string
;//
;//
;//
MessageId=0x021A
SymbolicName=SE_AUDITID_LOGOFF
Language=English
User Logoff:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tLogon Type:%t%4%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_LOCKED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;//
MessageId=0x021B
SymbolicName=SE_AUDITID_ACCOUNT_LOCKED
Language=English
Logon Failure:%n
%tReason:%t%tAccount locked out%n
%tUser Name:%t%1%n
%tDomain:%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID: %10%n
%tTransited Services: %11%n
%tSource Network Address:%t%12%n
%tSource Port:%t%13%n
.
;//
;//
;// SE_AUDITID_NETWORK_LOGON
;//
;// Category: SE_CATEGID_LOGON
;//
;// Description:
;// This event represents a successful logon of type Network(3) or
;// NetworkCleartext(8).
;//
;// NOTE(review): this comment previously read "Network(2)"; in the
;// SECURITY_LOGON_TYPE enumeration 2 is Interactive and 3 is Network.
;//
;// [kumarp] I do not know why this event was created separately because
;// this was already covered by SE_AUDITID_SUCCESSFUL_LOGON with
;// the right logon types.
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Logon Type string
;//
;// 5 - Logon process name
;//
;// 6 - Authentication package name
;//
;// 7 - Workstation from which logon request came
;//
;// 8 - Globally unique logon ID
;//
;// 9 - Caller user account name
;//
;// 10 - Caller domain name
;//
;// 11 - Caller logon ID string
;//
;// 12 - Caller process ID
;//
;// 13 - Transited services
;//
;// 14 - Source network address
;//
;// 15 - Source port
;//
MessageId=0x021c
SymbolicName=SE_AUDITID_NETWORK_LOGON
Language=English
Successful Network Logon:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tLogon Type:%t%4%n
%tLogon Process:%t%5%n
%tAuthentication Package:%t%6%n
%tWorkstation Name:%t%7%n
%tLogon GUID:%t%8%n
%tCaller User Name:%t%9%n
%tCaller Domain:%t%10%n
%tCaller Logon ID:%t%11%n
%tCaller Process ID: %12%n
%tTransited Services: %13%n
%tSource Network Address:%t%14%n
%tSource Port:%t%15%n
.
;//
;//
;// SE_AUDITID_IPSEC_LOGON_SUCCESS
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Mode
;//
;// 2 - Peer Identity
;//
;// 3 - Filter
;//
;// 4 - Parameters
;//
;//
MessageId=0x021d
SymbolicName=SE_AUDITID_IPSEC_LOGON_SUCCESS
Language=English
IKE security association established.%n
Mode: %n%1%n
Peer Identity: %n%2%n
Filter: %n%3%n
Parameters: %n%4%n
.
;//
;//
;// SE_AUDITID_IPSEC_LOGOFF_QM
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
;// 2 - Inbound SPI
;//
;// 3 - Outbound SPI
;//
;// NOTE(review): the "Mode:" line of this message has no trailing line-break
;// escape, unlike the same line in SE_AUDITID_IPSEC_LOGOFF_MM. Depending on
;// how the viewer wraps the text, "Mode" and "Filter" may run together on
;// one line - confirm whether the escape was omitted by accident.
;//
;//
MessageId=0x021e
SymbolicName=SE_AUDITID_IPSEC_LOGOFF_QM
Language=English
IKE security association ended.%n
Mode: Data Protection (Quick mode)
Filter: %n%1%n
Inbound SPI: %n%2%n
Outbound SPI: %n%3%n
.
;//
;//
;// SE_AUDITID_IPSEC_LOGOFF_MM
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
MessageId=0x021f
SymbolicName=SE_AUDITID_IPSEC_LOGOFF_MM
Language=English
IKE security association ended.%n
Mode: Key Exchange (Main mode)%n
Filter: %n%1%n
.
;//
;//
;// SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUST
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Peer Identity
;//
;// 2 - Filter
;//
;//
MessageId=0x0220
SymbolicName=SE_AUDITID_IPSEC_AUTH_FAIL_CERT_TRUST
Language=English
IKE security association establishment failed because peer could not authenticate.
The certificate trust could not be established.%n
Peer Identity: %n%1%n
Filter: %n%2%n
.
;//
;//
;// SE_AUDITID_IPSEC_AUTH_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Peer Identity
;//
;// 2 - Filter
;//
;//
MessageId=0x0221
SymbolicName=SE_AUDITID_IPSEC_AUTH_FAIL
Language=English
IKE peer authentication failed.%n
Peer Identity: %n%1%n
Filter: %n%2%n
.
;//
;//
;// SE_AUDITID_IPSEC_ATTRIB_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Mode
;//
;// 2 - Filter
;//
;// 3 - Attribute Name
;//
;// 4 - Expected Value
;//
;// 5 - Received Value
;//
;//
MessageId=0x0222
SymbolicName=SE_AUDITID_IPSEC_ATTRIB_FAIL
Language=English
IKE security association establishment failed because peer
sent invalid proposal.%n
Mode: %n%1%n
Filter: %n%2%n
Attribute: %n%3%n
Expected value: %n%4%n
Received value: %n%5%n
.
;//
;//
;// SE_AUDITID_IPSEC_NEGOTIATION_FAIL
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - Mode
;//
;// 2 - Filter
;//
;// 3 - Peer Identity
;//
;// 4 - Failure Point
;//
;// 5 - Failure Reason
;//
;// 6 - Extra Status
;//
;//
MessageId=0x0223
SymbolicName=SE_AUDITID_IPSEC_NEGOTIATION_FAIL
Language=English
IKE security association negotiation failed.%n
Mode: %n%1%n
Filter: %n%2%n
Peer Identity: %n%3%n
Failure Point: %n%4%n
Failure Reason: %n%5%n
Extra Status: %n%6%n
.
;//
;//
;// SE_AUDITID_DOMAIN_TRUST_INCONSISTENT
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// This event is generated by an authentication package when the
;// quarantined domain SID filtering function in LSA returns
;// STATUS_DOMAIN_TRUST_INCONSISTENT error code.
;//
;// In case of kerberos:
;// If the server ticket info has a TDOSid then KdcCheckPacForSidFiltering
;// function makes a check to make sure the SID from the TDO matches
;// the client's home domain SID. A call to LsaIFilterSids
;// is made to do the check. If this function fails with
;// STATUS_DOMAIN_TRUST_INCONSISTENT then this event is generated.
;//
;// In case of netlogon:
;// NlpUserValidateHigher function does a similar check by
;// calling LsaIFilterSids.
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon Type string
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;// 6 - Workstation name
;//
;// 7 - Transited services
;//
;// Notes:
;// NOTE(review): the "Workstation Name" line of the message has no trailing
;// line-break escape, unlike the other lines; "Workstation Name" and
;// "Transited Services" may run together when displayed - confirm.
;//
MessageId=0x0224
SymbolicName=SE_AUDITID_DOMAIN_TRUST_INCONSISTENT
Language=English
Logon Failure:%n
%tReason:%t%tDomain sid inconsistent%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6
%tTransited Services:%t%7%n
.
;//
;//
;// SE_AUDITID_ALL_SIDS_FILTERED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// During a cross forest authentication, SIDS corresponding to untrusted
;// namespaces are filtered out. If this filtering action results into
;// removal of all sids then this event is generated.
;//
;// Notes:
;// This is generated on the computer running kdc
;//
;// **** This event is now obsolete. The schema below is retained so that
;// people can view old instance of this event using a new viewer.
;//
MessageId=0x0225
SymbolicName=SE_AUDITID_ALL_SIDS_FILTERED
Language=English
Logon Failure:%n
%tReason: %tAll sids were filtered out%n
%tUser Name:%t%1%n
%tDomain:%t%2%n
%tLogon Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package%t: %5%n
%tWorkstation Name:%t%6
.
;//
;//
;// SE_AUDITID_IPSEC_IKE_NOTIFICATION
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - Notification Message
;//
MessageId=0x0226
SymbolicName=SE_AUDITID_IPSEC_IKE_NOTIFICATION
Language=English
%1%n
.
;//
;//
;// SE_AUDITID_BEGIN_LOGOFF
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when a user initiates logoff.
;//
;// Notes:
;// When the logoff process is complete, SE_AUDITID_LOGOFF event is generated.
;// A logoff is considered complete when the associated logon session object
;// is deleted. This happens only after all tokens associated with it are closed.
;// This can take arbitrarily long time therefore there can be a substantial
;// time difference between the two events.
;//
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;//
MessageId=0x0227
SymbolicName=SE_AUDITID_BEGIN_LOGOFF
Language=English
User initiated logoff:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
.
;//
;//
;// SE_AUDITID_LOGON_USING_EXPLICIT_CREDENTIALS
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : success
;//
;// Description:
;// This event is generated when someone tries to logon using
;// explicit credentials while already logged on as a different user.
;//
;// Notes:
;// This is generated on the client machine from which logon request originates.
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// Logged on user:
;// 1 - User account name
;// 2 - Domain name
;// 3 - Logon ID string
;// 4 - Logon GUID
;//
;// User whose credentials were used:
;// 5 - Target user account name
;// 6 - Target domain name
;// 7 - Target logon GUID
;//
;// 8 - Target server name
;// 9 - Target server info
;// 10 - Caller process ID
;// 11 - Source network address
;// 12 - Source port
;//
;//
MessageId=0x0228
SymbolicName=SE_AUDITID_LOGON_USING_EXPLICIT_CREDENTIALS
Language=English
Logon attempt using explicit credentials:%n
Logged on user:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tLogon GUID:%t%4%n
User whose credentials were used:%n
%tTarget User Name:%t%5%n
%tTarget Domain:%t%6%n
%tTarget Logon GUID: %7%n%n
Target Server Name:%t%8%n
Target Server Info:%t%9%n
Caller Process ID:%t%10%n
Source Network Address:%t%11%n
Source Port:%t%12%n
.
;//
;//
;// SE_AUDITID_AUTH_REPLAY_DETECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Event Type : failure
;//
;// Description:
;// This event is generated when an auth package detects replay attack.
;//
;// Notes:
;// This is generated by the computer running kdc or the server machine
;// that is receiving the auth request. For kerberos, Request Type is one of
;// the KRB_XXX_REQ or whatever request depending on the specific auth protocol.
;//
;// Parameter Strings (numbered as the message text below references them) -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Request Type
;//
;// 4 - Logon process name
;//
;// 5 - Authentication package name
;//
;// 6 - Workstation name
;//
;// 7 - Caller user account name
;//
;// 8 - Caller domain name
;//
;// 9 - Caller logon ID string
;//
;// 10 - Caller process ID
;//
;// 11 - Transited services
;//
;// NOTE(review): the "Domain" line of the message contains a doubled percent
;// sign before the second tab escape. A doubled percent sign is the escape
;// for a literal percent character, so the line presumably renders a literal
;// percent-t before the domain value instead of a tab (the other logon
;// messages use two tab escapes here) - confirm and correct the message text.
;//
;// NOTE(review): unlike the other messages in this category, the text has no
;// leading description line, so the rendered event does not itself say that
;// a replay was detected - confirm whether a heading line is missing.
;//
;//
MessageId=0x0229
SymbolicName=SE_AUDITID_AUTH_REPLAY_DETECTED
Language=English
%tUser Name:%t%1%n
%tDomain:%t%%t%2%n
%tRequest Type:%t%3%n
%tLogon Process:%t%4%n
%tAuthentication Package:%t%5%n
%tWorkstation Name:%t%6%n
%tCaller User Name:%t%7%n
%tCaller Domain:%t%8%n
%tCaller Logon ID:%t%9%n
%tCaller Process ID: %10%n
%tTransited Services: %11%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_OBJECT_ACCESS //
;// //
;// Event IDs: //
;// SE_AUDITID_OPEN_HANDLE //
;// SE_AUDITID_CLOSE_HANDLE //
;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE //
;// SE_AUDITID_DELETE_OBJECT //
;// SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE //
;// SE_AUDITID_OBJECT_OPERATION //
;// SE_AUDITID_OBJECT_ACCESS //
;// SE_AUDITID_HARDLINK_CREATION //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_OPEN_HANDLE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings (numbered as the message text below references them;
;// an earlier version of this list used a different order and stopped at 12) -
;//
;// 1 - Object server name
;//
;// 2 - Object Type string
;//
;// 3 - Object name
;//
;// 4 - New handle ID string
;//
;// 5, 6 - Operation ID, supplied in two parts and displayed as a pair
;//
;// 7 - Process ID string
;//
;// 8 - Image file name
;//
;// 9 - Primary user account name
;//
;// 10 - Primary authenticating domain name
;//
;// 11 - Primary logon ID string
;//
;// 12 - Client user account name ("-" if no client)
;//
;// 13 - Client authenticating domain name ("-" if no client)
;//
;// 14 - Client logon ID string ("-" if no client)
;//
;// 15 - Access names
;//
;// 16 - Privileges
;//
;// 17 - Restricted SID count
;//
;// 18 - Access mask
;//
;//
;//
;//
MessageId=0x0230
SymbolicName=SE_AUDITID_OPEN_HANDLE
Language=English
Object Open:%n
%tObject Server:%t%1%n
%tObject Type:%t%2%n
%tObject Name:%t%3%n
%tHandle ID:%t%4%n
%tOperation ID:%t{%5,%6}%n
%tProcess ID:%t%7%n
%tImage File Name:%t%8%n
%tPrimary User Name:%t%9%n
%tPrimary Domain:%t%10%n
%tPrimary Logon ID:%t%11%n
%tClient User Name:%t%12%n
%tClient Domain:%t%13%n
%tClient Logon ID:%t%14%n
%tAccesses:%t%15%n
%tPrivileges:%t%16%n
%tRestricted Sid Count:%t%17%n
%tAccess Mask:%t%18%n
.
;//
;//
;// SE_AUDITID_CLOSE_HANDLE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;// 4 - Image file name
;//
;//
;//
;//
MessageId=0x0232
SymbolicName=SE_AUDITID_CLOSE_HANDLE
Language=English
Handle Closed:%n
%tObject Server:%t%1%n
%tHandle ID:%t%2%n
%tProcess ID:%t%3%n
%tImage File Name:%t%4%n
.
;//
;//
;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
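;// Parameter Strings -
;//
;// NOTE(review): the list below is out of date. The message text takes 16
;// insertion strings in this order: Object Server, Object Type, Object Name,
;// Handle ID, Operation ID (%5,%6), Process ID, Primary User
;// Name/Domain/Logon ID, Client User Name/Domain/Logon ID, Accesses,
;// Privileges, Access Mask. Anything that reads parameters by position
;// should follow the message text.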
;//
;// 1 - Object Type string
;//
;// 2 - Object name
;//
;// 3 - New handle ID string
;//
;// 4 - Object server name
;//
;// 5 - Process ID string
;//
;// 6 - Primary user account name
;//
;// 7 - Primary authenticating domain name
;//
;// 8 - Primary logon ID string
;//
;// 9 - Client user account name ("-" if no client)
;//
;// 10 - Client authenticating domain name ("-" if no client)
;//
;// 11 - Client logon ID string ("-" if no client)
;//
;// 12 - Access names
;//
;//
;//
;//
MessageId=0x0233
SymbolicName=SE_AUDITID_OPEN_OBJECT_FOR_DELETE
Language=English
Object Open for Delete:%n
%tObject Server:%t%1%n
%tObject Type:%t%2%n
%tObject Name:%t%3%n
%tHandle ID:%t%4%n
%tOperation ID:%t{%5,%6}%n
%tProcess ID:%t%7%n
%tPrimary User Name:%t%8%n
%tPrimary Domain:%t%9%n
%tPrimary Logon ID:%t%10%n
%tClient User Name:%t%11%n
%tClient Domain:%t%12%n
%tClient Logon ID:%t%13%n
%tAccesses:%t%t%14%n
%tPrivileges:%t%t%15%n
%tAccess Mask:%t%16%n
.
;//
;//
;// SE_AUDITID_DELETE_OBJECT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;// 4 - Image file name
;//
;//
;//
;//
MessageId=0x0234
SymbolicName=SE_AUDITID_DELETE_OBJECT
Language=English
Object Deleted:%n
%tObject Server:%t%1%n
%tHandle ID:%t%2%n
%tProcess ID:%t%3%n
%tImage File Name:%t%4%n
.
;//
;//
;// SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
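;// Parameter Strings -
;//
;// NOTE(review): the list below is out of date. The message text takes 18
;// insertion strings in this order: Object Server, Object Type, Object Name,
;// Handle ID, Operation ID (%5,%6), Process ID, Process Name, Primary User
;// Name/Domain/Logon ID, Client User Name/Domain/Logon ID, Accesses,
;// Privileges, Properties, Access Mask. Anything that reads parameters by
;// position should follow the message text.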
;//
;// 1 - Object Type string
;//
;// 2 - Object name
;//
;// 3 - New handle ID string
;//
;// 4 - Object server name
;//
;// 5 - Process ID string
;//
;// 6 - Primary user account name
;//
;// 7 - Primary authenticating domain name
;//
;// 8 - Primary logon ID string
;//
;// 9 - Client user account name ("-" if no client)
;//
;// 10 - Client authenticating domain name ("-" if no client)
;//
;// 11 - Client logon ID string ("-" if no client)
;//
;// 12 - Access names
;//
;// 13 - Object Type parameters
;//
;//
;//
;//
MessageId=0x0235
SymbolicName=SE_AUDITID_OPEN_HANDLE_OBJECT_TYPE
Language=English
Object Open:%n
%tObject Server:%t%1%n
%tObject Type:%t%2%n
%tObject Name:%t%3%n
%tHandle ID:%t%4%n
%tOperation ID:%t{%5,%6}%n
%tProcess ID:%t%7%n
%tProcess Name:%t%8%n
%tPrimary User Name:%t%9%n
%tPrimary Domain:%t%10%n
%tPrimary Logon ID:%t%11%n
%tClient User Name:%t%12%n
%tClient Domain:%t%13%n
%tClient Logon ID:%t%14%n
%tAccesses:%t%15%n
%tPrivileges:%t%16%n%n
%tProperties:%n%17%n
%tAccess Mask:%t%18%n
.
;
;// SE_AUDITID_OBJECT_OPERATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
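;// Parameter Strings -
;//
;// NOTE(review): the list below is out of date. The message text takes 16
;// insertion strings in this order: Object Server, Operation Type, Object
;// Type, Object Name, Handle ID, Primary User Name/Domain/Logon ID, Client
;// User Name/Domain/Logon ID, Accesses, Properties, Additional Info,
;// Additional Info2, Access Mask. Anything that reads parameters by
;// position should follow the message text.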
;//
;// 1 - Operation Name
;//
;// 2 - Object Type
;//
;// 3 - Object name
;//
;// 4 - Handle ID
;//
;// 5 - Primary user account name
;//
;// 6 - Primary authenticating domain name
;//
;// 7 - Primary logon ID string
;//
;// 8 - Client user account name ("-" if no client)
;//
;// 9 - Client authenticating domain name ("-" if no client)
;//
;// 10 - Client logon ID string ("-" if no client)
;//
;// 11 - Requested accesses to the object
;//
;// 12 - Object properties ("-" if none)
;//
;// 13 - additional information ("-" if none)
;//
MessageId=0x0236
SymbolicName=SE_AUDITID_OBJECT_OPERATION
Language=English
Object Operation:%n
%tObject Server:%t%1%n
%tOperation Type:%t%2%n
%tObject Type:%t%3%n
%tObject Name:%t%4%n
%tHandle ID:%t%5%n
%tPrimary User Name:%t%6%n
%tPrimary Domain:%t%7%n
%tPrimary Logon ID:%t%8%n
%tClient User Name:%t%9%n
%tClient Domain:%t%10%n
%tClient Logon ID:%t%11%n
%tAccesses:%t%12%n
%tProperties:%n%t%13%n
%tAdditional Info:%t%14%n
%tAdditional Info2:%t%15%n
%tAccess Mask:%t%16%n
.
;//
;//
;// SE_AUDITID_OBJECT_ACCESS
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
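;// Parameter Strings -
;//
;// NOTE(review): the list below is out of date. The message text takes 7
;// insertion strings in this order: Object Server, Handle ID, Object Type,
;// Process ID, Image File Name, Accesses, Access Mask.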
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;// 4 - List of Accesses
;//
;//
MessageId=0x0237
SymbolicName=SE_AUDITID_OBJECT_ACCESS
Language=English
Object Access Attempt:%n
%tObject Server:%t%1%n
%tHandle ID:%t%2%n
%tObject Type:%t%3%n
%tProcess ID:%t%4%n
%tImage File Name:%t%5%n
%tAccesses:%t%6%n
%tAccess Mask:%t%7%n
.
;//
;//
;// SE_AUDITID_HARDLINK_CREATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
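;// Parameter Strings -
;//
;// NOTE(review): the list below does not describe this event; none of its
;// entries appear in the message text. The message text takes 5 insertion
;// strings in this order: Primary User Name, Primary Domain, Primary Logon
;// ID, File Name, Link Name.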
;//
;// 1 - Object server name
;//
;// 2 - Handle ID string
;//
;// 3 - Process ID string
;//
;//
;//
;//
MessageId=0x0238
SymbolicName=SE_AUDITID_HARDLINK_CREATION
Language=English
Hard link creation attempt:%n
%tPrimary User Name:%t%1%n
%tPrimary Domain:%t%2%n
%tPrimary Logon ID:%t%3%n
%tFile Name:%t%4%n
%tLink Name:%t%5%n
.
;//
;//
;// SE_AUDITID_AZ_CLIENTCONTEXT_CREATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance id
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client Logon id
;//
;// 6 - Error status
;//
;//
;// Description: This audit is generated when the resource manager in AZ
;// creates a client context. Currently, the only creation supported is
;// from a Nt Token. To track back to the identity of the client, use the Client
;// context Id and match it with the Logon Id in the Token Creation audit.
;//
;//
MessageId=0x0239
SymbolicName=SE_AUDITID_AZ_CLIENTCONTEXT_CREATION
Language=English
Application client context creation attempt:%n
%tApplication Name:%t%1%n
%tApplication Instance ID:%t%2%n
%tClient Name:%t%3%n
%tClient Domain:%t%4%n
%tClient Context ID:%t%5%n
%tStatus:%t%6%n
.
;//
;//
;// SE_AUDITID_AZ_ACCESSCHECK
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application Name
;//
;// 2 - Application instance luid
;//
;// 3 - Object Name
;//
;// 4 - Scope name to which the object belongs
;// Scopes are not nested in V1. In V2, this will be a comma
;// separated list.
;//
;// 5 - Client name
;//
;// 6 - Client domain name
;//
;// 7 - Client Logon Id
;//
;// 8 - Role information
;// Role because of which the client was granted access.
;//
;// 9 - Group Information
;// Groups because of which the client belonged to the role.
;// This is a comma separated list.
;//
;// 10 - Operation name
;// Name of the operation e.g. Read general information
;//
;// 11 - Operation Id
;// DWORD internal representation of the operation.
;//
;//
;// Description: This audit is generated when the client accesses an object.
;// One audit (success/failure) is generated for every Operation asked for.
;// Ex: Asked for Op1, Op2, Op3.
;// Granted Op1; Denied Op2, Op3
;// Will generate one success and 2 failure audits.
;//
MessageId=0x023A
SymbolicName=SE_AUDITID_AZ_ACCESSCHECK
Language=English
Application operation attempt:%n
%tApplication Name:%t%1%n
%tApplication Instance ID:%t%2%n
%tObject Name:%t%3%n
%tScope Names:%t%4%n
%tClient Name:%t%5%n
%tClient Domain:%t%6%n
%tClient Context ID:%t%7%n
%tRole:%t%8%n
%tGroups:%t%9%n
%tOperation Name:%t%10 (%11)%n
.
;//
;//
;// SE_AUDITID_AZ_CLIENTCONTEXT_DELETION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance luid
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client login Id
;//
;// Description: This audit is generated when the client context is deleted by
;// the AZ app. Tie this with the client context creation audit.
;//
;//
;//
MessageId=0x023B
SymbolicName=SE_AUDITID_AZ_CLIENTCONTEXT_DELETION
Language=English
Application client context deletion:%n
%tApplication Name:%t%1%n
%tApplication Instance ID:%t%2%n
%tClient Name:%t%3%n
%tClient Domain:%t%4%n
%tClient Context ID:%t%5%n
.
;//
;//
;// SE_AUDITID_AZ_APPLICATION_INITIALIZATION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Application name
;//
;// 2 - Application instance luid
;//
;// 3 - Client name
;//
;// 4 - Client domain name
;//
;// 5 - Client logon id
;//
;// 6 - Policy store url
;//
;// Description: This audit is generated when the admin manager initializes the
;// app. The application name and instance Id help to tie the future audits.
;//
;//
;//
MessageId=0x023C
SymbolicName=SE_AUDITID_AZ_APPLICATION_INITIALIZATION
Language=English
Application Initialized%n
%tApplication Name:%t%1%n
%tApplication Instance ID:%t%2%n
%tClient Name:%t%3%n
%tClient Domain:%t%4%n
%tClient ID:%t%5%n
%tPolicy Store URL:%t%6%n
.
;//
;//
;// SE_AUDITID_GENERIC_AUDIT_EVENT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - source name
;//
;// 2 - event ID specific to this source
;//
;// 3 - 27 : insertion strings
;//
;//
;// Description:
;// This audit is generated when a process generates a non-system audit event
;// using the AuthZ audit API. Parameters supplied by the process are converted
;// to strings and inserted as strings %3 through %27.
;//
;//
;//
MessageId=0x023D
SymbolicName=SE_AUDITID_GENERIC_AUDIT_EVENT
Language=English
%nApplication-specific security event.%n
%tEvent Source:%t%1%n
%tEvent ID:%t%2%n
%t%t%3%n
%t%t%4%n
%t%t%5%n
%t%t%6%n
%t%t%7%n
%t%t%8%n
%t%t%9%n
%t%t%10%n
%t%t%11%n
%t%t%12%n
%t%t%13%n
%t%t%14%n
%t%t%15%n
%t%t%16%n
%t%t%17%n
%t%t%18%n
%t%t%19%n
%t%t%20%n
%t%t%21%n
%t%t%22%n
%t%t%23%n
%t%t%24%n
%t%t%25%n
%t%t%26%n
%t%t%27%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_PRIVILEGE_USE //
;// //
;// Event IDs: //
;// SE_AUDITID_ASSIGN_SPECIAL_PRIV //
;// SE_AUDITID_PRIVILEGED_SERVICE //
;// SE_AUDITID_PRIVILEGED_OBJECT //
;// //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_ASSIGN_SPECIAL_PRIV
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Description:
;// When a user logs on, if any one of the following privileges is added
;// to his/her token, this event is generated.
;//
;// - SeChangeNotifyPrivilege
;// - SeAuditPrivilege
;// - SeCreateTokenPrivilege
;// - SeAssignPrimaryTokenPrivilege
;// - SeBackupPrivilege
;// - SeRestorePrivilege
;// - SeDebugPrivilege
;//
;//
;// Parameter Strings -
;//
;// 1 - User name
;//
;// 2 - domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Privilege names (as 1 string, with formatting)
;//
;//
;//
;//
MessageId=0x0240
SymbolicName=SE_AUDITID_ASSIGN_SPECIAL_PRIV
Language=English
Special privileges assigned to new logon:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tPrivileges:%t%4
.
;//
;//
;// SE_AUDITID_PRIVILEGED_SERVICE
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Description:
;// This event is generated when a user makes an attempt to perform
;// a privileged system service operation.
;//
;// Parameter Strings -
;//
;// 1 - server name
;//
;// 2 - service name
;//
;// 3 - Primary User name
;//
;// 4 - Primary domain name
;//
;// 5 - Primary Logon ID string
;//
;// 6 - Client User name (or "-" if not impersonating)
;//
;// 7 - Client domain name (or "-" if not impersonating)
;//
;// 8 - Client Logon ID string (or "-" if not impersonating)
;//
;// 9 - Privilege names (as 1 string, with formatting)
;//
;//
;//
;//
MessageId=0x0241
SymbolicName=SE_AUDITID_PRIVILEGED_SERVICE
Language=English
Privileged Service Called:%n
%tServer:%t%t%1%n
%tService:%t%t%2%n
%tPrimary User Name:%t%3%n
%tPrimary Domain:%t%4%n
%tPrimary Logon ID:%t%5%n
%tClient User Name:%t%6%n
%tClient Domain:%t%7%n
%tClient Logon ID:%t%8%n
%tPrivileges:%t%9
.
;//
;//
;// SE_AUDITID_PRIVILEGED_OBJECT
;//
;// Category: SE_CATEGID_PRIVILEGE_USE
;//
;// Parameter Strings -
;//
;// 1 - object server
;//
;// 2 - object handle (if available)
;//
;// 3 - process ID string
;//
;// 4 - Primary User name
;//
;// 5 - Primary domain name
;//
;// 6 - Primary Logon ID string
;//
;// 7 - Client User name (or "-" if not impersonating)
;//
;// 8 - Client domain name (or "-" if not impersonating)
;//
;// 9 - Client Logon ID string (or "-" if not impersonating)
;//
;// 10 - Privilege names (as 1 string, with formatting)
;//
;//
MessageId=0x0242
SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT
Language=English
Privileged object operation:%n
%tObject Server:%t%1%n
%tObject Handle:%t%2%n
%tProcess ID:%t%3%n
%tPrimary User Name:%t%4%n
%tPrimary Domain:%t%5%n
%tPrimary Logon ID:%t%6%n
%tClient User Name:%t%7%n
%tClient Domain:%t%8%n
%tClient Logon ID:%t%9%n
%tPrivileges:%t%10
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_DETAILED_TRACKING //
;// //
;// Event IDs: //
;// SE_AUDITID_PROCESS_CREATED //
;// SE_AUDITID_PROCESS_EXIT //
;// SE_AUDITID_DUPLICATE_HANDLE //
;// SE_AUDITID_INDIRECT_REFERENCE //
;// SE_AUDITID_DPAPI_BACKUP //
;// SE_AUDITID_DPAPI_RECOVERY //
;// SE_AUDITID_DPAPI_PROTECT //
;// SE_AUDITID_DPAPI_UNPROTECT //
;// SE_AUDITID_ASSIGN_TOKEN //
;// SE_AUDITID_SERVICE_INSTALL //
;// SE_AUDITID_JOB_CREATED //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_PROCESS_CREATED
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - process ID string
;//
;// 2 - Image file name (if available - otherwise "-")
;//
;// 3 - Creating process's ID
;//
;// 4 - User name (of new process)
;//
;// 5 - domain name (of new process)
;//
;// 6 - Logon ID string (of new process)
;//
MessageId=0x0250
SymbolicName=SE_AUDITID_PROCESS_CREATED
Language=English
A new process has been created:%n
%tNew Process ID:%t%1%n
%tImage File Name:%t%2%n
%tCreator Process ID:%t%3%n
%tUser Name:%t%4%n
%tDomain:%t%t%5%n
%tLogon ID:%t%t%6%n
.
;//
;//
;// SE_AUDITID_PROCESS_EXIT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - process ID string
;//
;// 2 - image name
;//
;// 3 - User name
;//
;// 4 - domain name
;//
;// 5 - Logon ID string
;//
;//
;//
;//
MessageId=0x0251
SymbolicName=SE_AUDITID_PROCESS_EXIT
Language=English
A process has exited:%n
%tProcess ID:%t%1%n
%tImage File Name:%t%2%n
%tUser Name:%t%3%n
%tDomain:%t%t%4%n
%tLogon ID:%t%t%5%n
.
;//
;//
;// SE_AUDITID_DUPLICATE_HANDLE
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Origin (source) handle ID string
;//
;// 2 - Origin (source) process ID string
;//
;// 3 - New (Target) handle ID string
;//
;// 4 - Target process ID string
;//
;//
;//
MessageId=0x0252
SymbolicName=SE_AUDITID_DUPLICATE_HANDLE
Language=English
A handle to an object has been duplicated:%n
%tSource Handle ID:%t%1%n
%tSource Process ID:%t%2%n
%tTarget Handle ID:%t%3%n
%tTarget Process ID:%t%4%n
.
;//
;//
;// SE_AUDITID_INDIRECT_REFERENCE
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
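;// Parameter Strings -
;//
;// NOTE(review): the list below numbers two entries "3" and does not match
;// the message text, which has no handle ID or server name field. The
;// message text takes 11 insertion strings in this order: Object Type,
;// Object Name, Process ID, Primary User Name/Domain/Logon ID, Client User
;// Name/Domain/Logon ID, Accesses, Access Mask.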
;//
;// 1 - Object type
;//
;// 2 - object name (if available - otherwise "-")
;//
;// 3 - ID string of handle used to gain access
;//
;// 3 - server name
;//
;// 4 - process ID string
;//
;// 5 - primary User name
;//
;// 6 - primary domain name
;//
;// 7 - primary logon ID
;//
;// 8 - client User name
;//
;// 9 - client domain name
;//
;// 10 - client logon ID
;//
;// 11 - granted access names (with formatting)
;//
;//
MessageId=0x0253
SymbolicName=SE_AUDITID_INDIRECT_REFERENCE
Language=English
Indirect access to an object has been obtained:%n
%tObject Type:%t%1%n
%tObject Name:%t%2%n
%tProcess ID:%t%3%n
%tPrimary User Name:%t%4%n
%tPrimary Domain:%t%5%n
%tPrimary Logon ID:%t%6%n
%tClient User Name:%t%7%n
%tClient Domain:%t%8%n
%tClient Logon ID:%t%9%n
%tAccesses:%t%10%n
%tAccess Mask:%t%11%n
.
;//
;//
;// SE_AUDITID_DPAPI_BACKUP
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Master key GUID
;//
;// 2 - Recovery Server
;//
;// 3 - GUID identifier of the recovery key
;//
;// 4 - Failure reason
;//
MessageId=0x0254
SymbolicName=SE_AUDITID_DPAPI_BACKUP
Language=English
Backup of data protection master key.
%n
%tKey Identifier:%t%t%1%n
%tRecovery Server:%t%t%2%n
%tRecovery Key ID:%t%t%3%n
%tFailure Reason:%t%t%4%n
.
;//
;//
;// SE_AUDITID_DPAPI_RECOVERY
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1 - Master key GUID
;//
;// 2 - Recovery Server
;//
;// 3 - Reason for the backup
;//
;// 4 - GUID identifier of the recovery key
;//
;// 5 - Failure reason
;//
MessageId=0x0255
SymbolicName=SE_AUDITID_DPAPI_RECOVERY
Language=English
Recovery of data protection master key.
%n
%tKey Identifier:%t%t%1%n
%tRecovery Reason:%t%t%3%n
%tRecovery Server:%t%t%2%n
%tRecovery Key ID:%t%t%4%n
%tFailure Reason:%t%t%5%n
.
;//
;//
;// SE_AUDITID_DPAPI_PROTECT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;//
;// 1 - Master key GUID
;//
;// 2 - Data Description
;//
;// 3 - Protected data flags
;//
;// 4 - Algorithms
;//
;// 5 - failure reason
;//
MessageId=0x0256
SymbolicName=SE_AUDITID_DPAPI_PROTECT
Language=English
Protection of auditable protected data.
%n
%tData Description:%t%t%2%n
%tKey Identifier:%t%t%1%n
%tProtected Data Flags:%t%3%n
%tProtection Algorithms:%t%4%n
%tFailure Reason:%t%t%5%n
.
;//
;//
;// SE_AUDITID_DPAPI_UNPROTECT
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;//
;// 1 - Master key GUID
;//
;// 2 - Data Description
;//
;// 3 - Protected data flags
;//
;// 4 - Algorithms
;//
;// 5 - failure reason
;//
MessageId=0x0257
SymbolicName=SE_AUDITID_DPAPI_UNPROTECT
Language=English
Unprotection of auditable protected data.
%n
%tData Description:%t%t%2%n
%tKey Identifier:%t%t%1%n
%tProtected Data Flags:%t%3%n
%tProtection Algorithms:%t%4%n
%tFailure Reason:%t%t%5%n
.
;//
;//
;// SE_AUDITID_ASSIGN_TOKEN
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Parameter Strings -
;//
;// 1. Current Process ID (the process doing the assignment)
;// 2. Current Image File Name
;// 3. Current User Name
;// 4. Current Domain
;// 5. Current Logon ID
;//
;// 6. Process ID (of new process)
;// 7. Image Name (of new process)
;// 8. User name (of new process)
;// 9. domain name (of new process)
;// 10. Logon ID string (of new process)
;//
MessageId=0x0258
SymbolicName=SE_AUDITID_ASSIGN_TOKEN
Language=English
A process was assigned a primary token.%n
Assigning Process Information:%n
%tProcess ID:%t%1%n
%tImage File Name:%t%2%n
%tPrimary User Name:%t%3%n
%tPrimary Domain:%t%4%n
%tPrimary Logon ID:%t%5%n
New Process Information:%n
%tProcess ID:%t%6%n
%tImage File Name:%t%7%n
%tTarget User Name:%t%8%n
%tTarget Domain:%t%9%n
%tTarget Logon ID:%t%10%n
.
;//
;//
;// SE_AUDITID_SERVICE_INSTALL
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when a service is installed
;//
;// Note:
;//
MessageId=0x0259
SymbolicName=SE_AUDITID_SERVICE_INSTALL
Language=English
Attempt to install service:%n
%tService Name:%t%1%n
%tService File Name:%t%2%n
%tService Type:%t%3%n
%tService Start Type:%t%4%n
%tService Account:%t%5%n
By:%n
%tUser Name:%t%6%n
%tDomain:%t%t%7%n
%tLogon ID:%t%t%8%n
.
;//
;//
;// SE_AUDITID_JOB_CREATED
;//
;// Category: SE_CATEGID_DETAILED_TRACKING
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when a scheduler job is created.
;// File Name is the name of the file in the Tasks folder.
;// Task Time, Days of Month, Days of Week, Flags and Commandline
;// are taken from the AT_INFO structure.
;// Target Name and Target Domain are the user account the job
;// is to run as. This event is generated by the task scheduler,
;// for example through the AT command.
;//
;// Note:
;//
MessageId=0x025A
SymbolicName=SE_AUDITID_JOB_CREATED
Language=English
Scheduled Task created:%n
%tFile Name:%t%1%n
%tCommand:%t%2%n
%tTriggers:%t%t%3%n
%tTime:%t%t%4 %5%n
%tFlags:%t%t%6%n
%tTarget User:%t%7%n
By:%n
%tUser:%t%t%8%n
%tDomain:%t%t%9%n
%tLogon ID:%t%t%10%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_POLICY_CHANGE //
;// //
;// Event IDs: //
;// SE_AUDITID_USER_RIGHT_ASSIGNED //
;// SE_AUDITID_USER_RIGHT_REMOVED //
;// SE_AUDITID_TRUSTED_DOMAIN_ADD //
;// SE_AUDITID_TRUSTED_DOMAIN_REM //
;// SE_AUDITID_TRUSTED_DOMAIN_MOD //
;// SE_AUDITID_POLICY_CHANGE //
;// SE_AUDITID_IPSEC_POLICY_START //
;// SE_AUDITID_IPSEC_POLICY_DISABLED //
;// SE_AUDITID_IPSEC_POLICY_CHANGED //
;// SE_AUDITID_IPSEC_POLICY_FAILURE //
;// SE_AUDITID_SYSTEM_ACCESS_CHANGE //
;// SE_AUDITID_NAMESPACE_COLLISION //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM //
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD //
;// SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION //
;// SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_USER_RIGHT_ASSIGNED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account assigned the user right
;//
;// 3 - User name of subject assigning the right
;//
;// 4 - Domain name of subject assigning the right
;//
;// 5 - Logon ID string of subject assigning the right
;//
;//
;//
MessageId=0x0260
SymbolicName=SE_AUDITID_USER_RIGHT_ASSIGNED
Language=English
User Right Assigned:%n
%tUser Right:%t%1%n
%tAssigned To:%t%2%n
%tAssigned By:%n
%t User Name:%t%3%n
%t Domain:%t%t%4%n
%t Logon ID:%t%5%n
.
;//
;//
;// SE_AUDITID_USER_RIGHT_REMOVED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - User right name
;//
;// 2 - SID string of account from which the user
;// right was removed
;//
;// 3 - User name of subject removing the right
;//
;// 4 - Domain name of subject removing the right
;//
;// 5 - Logon ID string of subject removing the right
;//
;//
MessageId=0x0261
SymbolicName=SE_AUDITID_USER_RIGHT_REMOVED
Language=English
User Right Removed:%n
%tUser Right:%t%1%n
%tRemoved From:%t%2%n
%tRemoved By:%n
%t User Name:%t%3%n
%t Domain:%t%t%4%n
%t Logon ID:%t%5%n
.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_ADD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody creates a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is created and not on any other
;// domain controller to which the TDO creation replicates.
;//
MessageId=0x0262
SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_ADD
Language=English
New Trusted Domain:%n
%tDomain Name:%t%1%n
%tDomain ID:%t%2%n
%tEstablished By:%n
%t User Name:%t%3%n
%t Domain:%t%t%4%n
%t Logon ID:%t%5%n
%tTrust Type:%t%6%n
%tTrust Direction:%t%7%n
%tTrust Attributes:%t%8%n
%tSID Filtering:%t%9%n
.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_REM
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody removes a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is deleted and not on any other
;// domain controller to which the TDO deletion replicates.
;//
MessageId=0x0263
SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_REM
Language=English
Trusted Domain Removed:%n
%tDomain Name:%t%1%n
%tDomain ID:%t%2%n
%tRemoved By:%n
%t User Name:%t%3%n
%t Domain:%t%t%4%n
%t Logon ID:%t%5%n
.
;//
;//
;// SE_AUDITID_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
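;// Parameter Strings -
;//
;// NOTE(review): the list below gives 7/8 as Detailed Tracking and 9/10 as
;// Privilege Use, but the message text labels %7/%8 "Privilege Use" and
;// %9/%10 "Detailed Tracking". One of the two is wrong; confirm against
;// the code that supplies the parameters before relying on either when
;// interpreting an audit policy change.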
;//
;// 1 - System success audit status ("+" or "-")
;// 2 - System failure audit status ("+" or "-")
;//
;// 3 - Logon/Logoff success audit status ("+" or "-")
;// 4 - Logon/Logoff failure audit status ("+" or "-")
;//
;// 5 - Object Access success audit status ("+" or "-")
;// 6 - Object Access failure audit status ("+" or "-")
;//
;// 7 - Detailed Tracking success audit status ("+" or "-")
;// 8 - Detailed Tracking failure audit status ("+" or "-")
;//
;// 9 - Privilege Use success audit status ("+" or "-")
;// 10 - Privilege Use failure audit status ("+" or "-")
;//
;// 11 - Policy Change success audit status ("+" or "-")
;// 12 - Policy Change failure audit status ("+" or "-")
;//
;// 13 - Account Management success audit status ("+" or "-")
;// 14 - Account Management failure audit status ("+" or "-")
;//
;// 15 - Directory Service access success audit status ("+" or "-")
;// 16 - Directory Service access failure audit status ("+" or "-")
;//
;// 17 - Account Logon success audit status ("+" or "-")
;// 18 - Account Logon failure audit status ("+" or "-")
;//
;// 19 - Account Name of user that changed the policy
;//
;// 20 - Domain of user that changed the policy
;//
;// 21 - Logon ID of user that changed the policy
;//
;//
MessageId=0x0264
SymbolicName=SE_AUDITID_POLICY_CHANGE
Language=English
Audit Policy Change:%n
New Policy:%n
%tSuccess%tFailure%n
%t %3%t %4%tLogon/Logoff%n
%t %5%t %6%tObject Access%n
%t %7%t %8%tPrivilege Use%n
%t %13%t %14%tAccount Management%n
%t %11%t %12%tPolicy Change%n
%t %1%t %2%tSystem%n
%t %9%t %10%tDetailed Tracking%n
%t %15%t %16%tDirectory Service Access%n
%t %17%t %18%tAccount Logon%n%n
Changed By:%n
%t User Name:%t%19%n
%t Domain Name:%t%20%n
%t Logon ID:%t%21
.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_START
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Ipsec Policy Agent
;//
;// 2 - Policy Source
;//
;// 3 - Event Data
;//
;//
MessageId=0x0265
SymbolicName=SE_AUDITID_IPSEC_POLICY_START
Language=English
IPSec Services started: %t%1%n
Policy Source: %t%2%n
%3%n
.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_DISABLED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Ipsec Policy Agent
;//
;// 2 - Event Data
;//
;//
MessageId=0x0266
SymbolicName=SE_AUDITID_IPSEC_POLICY_DISABLED
Language=English
IPSec Services disabled: %t%1%n
%2%n
.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_CHANGED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Event Data
;//
;//
MessageId=0x0267
SymbolicName=SE_AUDITID_IPSEC_POLICY_CHANGED
Language=English
IPSec Services: %t%1%n
.
;//
;//
;// SE_AUDITID_IPSEC_POLICY_FAILURE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - Event Data
;//
;//
MessageId=0x0268
SymbolicName=SE_AUDITID_IPSEC_POLICY_FAILURE
Language=English
IPSec Services encountered a potentially serious failure.%n
%1%n
.
;//
;//
;// SE_AUDITID_KERBEROS_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - user account name
;//
;// 2 - domain name of user
;//
;// 3 - logon ID of user
;//
;// 4 - description of the change made
;//
;//
MessageId=0x0269
SymbolicName=SE_AUDITID_KERBEROS_POLICY_CHANGE
Language=English
Kerberos Policy Changed:%n
Changed By:%n
%t User Name:%t%1%n
%t Domain Name:%t%2%n
%t Logon ID:%t%3%n
Changes made:%n
('--' means no changes, otherwise each change is shown as:%n
<ParameterName>: <new value> (<old value>))%n
%4%n
.
;//
;//
;// SE_AUDITID_EFS_POLICY_CHANGE
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Parameter Strings -
;//
;// 1 - user account name
;//
;// 2 - domain name of user
;//
;// 3 - logon ID of user
;//
;// 4 - description of the change made
;//
;//
MessageId=0x026a
SymbolicName=SE_AUDITID_EFS_POLICY_CHANGE
Language=English
Encrypted Data Recovery Policy Changed:%n
Changed By:%n
%t User Name:%t%1%n
%t Domain Name:%t%2%n
%t Logon ID:%t%3%n
Changes made:%n
('--' means no changes, otherwise each change is shown as:%n
<ParameterName>: <new value> (<old value>))%n
%4%n
.
;//
;//
;// SE_AUDITID_TRUSTED_DOMAIN_MOD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success/failure
;//
;// Description:
;// This event is generated when somebody modifies a trust relationship
;// with another domain.
;//
;// Note:
;// It is recorded on the domain controller on which
;// the trusted domain object (TDO) is modified and not on any other
;// domain controller to which the TDO modification replicates.
;//
MessageId=0x026C
SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_MOD
Language=English
Trusted Domain Information Modified:%n
%tDomain Name:%t%1%n
%tDomain ID:%t%2%n
%tModified By:%n
%t User Name:%t%3%n
%t Domain:%t%t%4%n
%t Logon ID:%t%5%n
%tTrust Type:%t%6%n
%tTrust Direction:%t%7%n
%tTrust Attributes:%t%8%n
%tSID Filtering:%t%9%n
.
;//
;//
;// SE_AUDITID_SYSTEM_ACCESS_GRANTED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
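;// Parameter Strings -
;//
;// NOTE(review): the order below does not match the message text, which
;// shows %1-%3 as the User Name, Domain and Logon ID under "Assigned By",
;// %4 as "Access Granted" and %5 as "Account Modified".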
;//
;// 1 - User right name
;//
;// 2 - SID string of account for which the user
;// right was affected
;//
;// 3 - User name of subject changing the right
;//
;// 4 - Domain name of subject changing the right
;//
;// 5 - Logon ID string of subject changing the right
;//
;//
MessageId=0x026d
SymbolicName=SE_AUDITID_SYSTEM_ACCESS_GRANTED
Language=English
System Security Access Granted:%n
%tAccess Granted:%t%4%n
%tAccount Modified:%t%5%n
%tAssigned By:%n
%t User Name:%t%1%n
%t Domain:%t%t%2%n
%t Logon ID:%t%3%n
.
;//
;//
;// SE_AUDITID_SYSTEM_ACCESS_REMOVED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
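;// Parameter Strings -
;//
;// NOTE(review): the order below does not match the message text, which
;// shows %1-%3 as the User Name, Domain and Logon ID under "Removed By",
;// %4 as "Access Removed" and %5 as "Account Modified".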
;//
;// 1 - User right name
;//
;// 2 - SID string of account for which the user
;// right was affected
;//
;// 3 - User name of subject changing the right
;//
;// 4 - Domain name of subject changing the right
;//
;// 5 - Logon ID string of subject changing the right
;//
;//
MessageId=0x026e
SymbolicName=SE_AUDITID_SYSTEM_ACCESS_REMOVED
Language=English
System Security Access Removed:%n
%tAccess Removed:%t%4%n
%tAccount Modified:%t%5%n
%tRemoved By:%n
%t User Name:%t%1%n
%t Domain:%t%t%2%n
%t Logon ID:%t%3%n
.
;//
;//
;// SE_AUDITID_NAMESPACE_COLLISION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// When a namespace element in one forest overlaps a namespace element in
;// some other forest, it can lead to ambiguity in resolving a name
;// belonging to one of the namespace elements. This overlap is also called
;// a collision. This event is generated when such a collision is detected.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0300
SymbolicName=SE_AUDITID_NAMESPACE_COLLISION
Language=English
Namespace collision detected:%n
%tTarget type:%t%1%n
%tTarget name:%t%2%n
%tForest Root:%t%3%n
%tTop Level Name:%t%4%n
%tDNS Name:%t%5%n
%tNetBIOS Name:%t%6%n
%tSID:%t%t%7%n
%tNew Flags:%t%8%n
.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get added. One such audit event is generated
;// per added entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0301
SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_ADD
Language=English
Trusted Forest Information Entry Added:%n
%tForest Root:%t%1%n
%tForest Root SID:%t%2%n
%tOperation ID:%t{%3,%4}%n
%tEntry Type:%t%5%n
%tFlags:%t%t%6%n
%tTop Level Name:%t%7%n
%tDNS Name:%t%8%n
%tNetBIOS Name:%t%9%n
%tDomain SID:%t%10%n
%tAdded by%t:%n
%tClient User Name:%t%11%n
%tClient Domain:%t%12%n
%tClient Logon ID:%t%13%n
.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get deleted. One such audit event is generated
;// per deleted entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0302
SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_REM
Language=English
Trusted Forest Information Entry Removed:%n
%tForest Root:%t%1%n
%tForest Root SID:%t%2%n
%tOperation ID:%t{%3,%4}%n
%tEntry Type:%t%5%n
%tFlags:%t%t%6%n
%tTop Level Name:%t%7%n
%tDNS Name:%t%8%n
%tNetBIOS Name:%t%9%n
%tDomain SID:%t%10%n
%tRemoved by%t:%n
%tClient User Name:%t%11%n
%tClient Domain:%t%12%n
%tClient Logon ID:%t%13%n
.
;//
;//
;// SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the forest trust information is updated and
;// one or more entries get modified. One such audit event is generated
;// per modified entry. If multiple entries get added, deleted or modified
;// in a single update of the forest trust information, all the generated
;// audit events will have a single unique identifier called OperationID.
;// This allows one to determine that the multiple generated audits are
;// the result of a single operation.
;//
;// Note:
;// Not all fields are valid for each entry type.
;// For example, fields like DNS name, NetBIOS name and SID are not valid
;// for an entry of type 'TopLevelName'.
;//
MessageId=0x0303
SymbolicName=SE_AUDITID_TRUSTED_FOREST_INFO_ENTRY_MOD
Language=English
Trusted Forest Information Entry Modified:%n
%tForest Root:%t%1%n
%tForest Root SID:%t%2%n
%tOperation ID:%t{%3,%4}%n
%tEntry Type:%t%5%n
%tFlags:%t%t%6%n
%tTop Level Name:%t%7%n
%tDNS Name:%t%8%n
%tNetBIOS Name:%t%9%n
%tDomain SID:%t%10%n
%tModified by%t:%n
%tClient User Name:%t%11%n
%tClient Domain:%t%12%n
%tClient Logon ID:%t%13%n
.
;//
;//
;// SE_AUDITID_SECURITY_LOG_CONFIG
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the eventlog service reads security log
;// configuration from the registry key:
;// SYSTEM\CurrentControlSet\Services\Eventlog\Security
;// This event is generated in the context in which eventlog runs. The
;// registry key has a SACL so that it is possible to find out the user
;// who changed the key.
;//
;// Parameters:
;// 1 : max size in KB
;//
;// 2 : Action to take on reaching max log size
;// 1 --> overwrite events as needed
;// 2 --> overwrite events older than the limit specified
;// in parameter 3
;// 3 --> do not overwrite
;//
;// 3 : Event age limit. Applicable only if the value of parameter 2 is 2
;//
;// Note:
;//
MessageId=0x0325
SymbolicName=SE_AUDITID_SECURITY_LOG_CONFIG
Language=English
Configuration of security log for this session:
%tMaximum Log Size (KB): %1%n
%tAction to take on reaching max log size: %2%n
%tEvent age limit in days: %3%n
.
;//
;//
;// SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the LSA per user audit policy is
;// created or recreated.
;//
MessageId=0x0326
SymbolicName=SE_AUDITID_PER_USER_AUDIT_TABLE_CREATION
Language=English
Per User Audit Policy was refreshed.%n
%tNumber of elements:%t%1%n
%tPolicy ID:%t%2%n
.
;//
;//
;// SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// This event is generated when the per user audit policy table is
;// created. An instance of the audit is generated for each element
;// contained in the per-user table.
;//
;// Parameters (numbered as the message text below uses them):
;// 1 : target user
;//
;// 2 : policy ID
;//
;// 3 - 11 : per-category settings, in the order System, Logon,
;// Object Access, Privilege Use, Detailed Tracking, Policy Change,
;// Account Management, DS Access, Account Logon
;//
;// Note:
;// The 'Object Access' label is the only category label in the message
;// text without a trailing colon; anything that matches on label text
;// rather than on parameter position has to allow for that.
;// NOTE(review): the encoding of the per-category setting values is not
;// described in this file - confirm against the code that generates the audit.
;//
MessageId=0x0327
SymbolicName=SE_AUDITID_PER_USER_AUDIT_TABLE_ELEMENT_CREATION
Language=English
Per user auditing policy set for user:%n
%tTarget user:%t%1%n
%tPolicy ID:%t%2%n
%tCategory Settings:%n
%t System:%t%3%n
%t Logon:%t%4%n
%t Object Access%t%5%n
%t Privilege Use:%t%6%n
%t Detailed Tracking:%t%7%n
%t Policy Change:%t%8%n
%t Account Management:%t%9%n
%t DS Access:%t%10%n
%t Account Logon:%t%11%n
.
;//
;//
;// SE_AUDITID_SECURITY_EVENT_SOURCE_REGISTERED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// Going by the message text, this event is generated when a security
;// event source attempts to register.
;// NOTE(review): the event type above is 'success' while the message text
;// says 'has attempted to register' - confirm whether failed attempts are
;// audited with this ID as well.
;//
;// Parameters (numbered as the message text below uses them):
;// 1 : primary user name
;// 2 : primary domain
;// 3 : primary logon ID
;// 4 : client user name
;// 5 : client domain
;// 6 : client logon ID
;// 7 : name of the event source
;// 8 : process ID
;// 9 : event source ID
;//
;// Note:
;//
MessageId=0x0328
SymbolicName=SE_AUDITID_SECURITY_EVENT_SOURCE_REGISTERED
Language=English
A security event source has attempted to register.%n
%tPrimary User Name:%t%1%n
%tPrimary Domain:%t%2%n
%tPrimary Logon ID:%t%3%n
%tClient User Name:%t%4%n
%tClient Domain:%t%5%n
%tClient Logon ID:%t%6%n
%tSource Name:%t%7%n
%tProcess Id:%t%8%n
%tEvent Source Id:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_EVENT_SOURCE_UNREGISTERED
;//
;// Category: SE_CATEGID_POLICY_CHANGE
;//
;// Event type: success
;//
;// Description:
;// Going by the message text, this event is generated when a security
;// event source attempts to unregister.
;// NOTE(review): the event type above is 'success' while the message text
;// says 'has attempted to unregister' - confirm whether failed attempts are
;// audited with this ID as well.
;//
;// Parameters (numbered as the message text below uses them):
;// 1 : primary user name
;// 2 : primary domain
;// 3 : primary logon ID
;// 4 : client user name
;// 5 : client domain
;// 6 : client logon ID
;// 7 : name of the event source
;// 8 : process ID
;// 9 : event source ID
;//
;// Note:
;//
MessageId=0x0329
SymbolicName=SE_AUDITID_SECURITY_EVENT_SOURCE_UNREGISTERED
Language=English
A security event source has attempted to unregister.%n
%tPrimary User Name:%t%1%n
%tPrimary Domain:%t%2%n
%tPrimary Logon ID:%t%3%n
%tClient User Name:%t%4%n
%tClient Domain:%t%5%n
%tClient Logon ID:%t%6%n
%tSource Name:%t%7%n
%tProcess Id:%t%8%n
%tEvent Source Id:%t%9%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_ACCOUNT_MANAGEMENT //
;// //
;// Event IDs: //
;// SE_AUDITID_USER_CREATED //
;// SE_AUDITID_USER_CHANGE //
;// SE_AUDITID_ACCOUNT_TYPE_CHANGE //
;// SE_AUDITID_USER_ENABLED //
;// SE_AUDITID_USER_PWD_CHANGED //
;// SE_AUDITID_USER_PWD_SET //
;// SE_AUDITID_USER_DISABLED //
;// SE_AUDITID_USER_DELETED //
;// //
;// SE_AUDITID_COMPUTER_CREATED //
;// SE_AUDITID_COMPUTER_CHANGE //
;// SE_AUDITID_COMPUTER_DELETED //
;// //
;// SE_AUDITID_GLOBAL_GROUP_CREATED //
;// SE_AUDITID_GLOBAL_GROUP_CHANGE //
;// SE_AUDITID_GLOBAL_GROUP_ADD //
;// SE_AUDITID_GLOBAL_GROUP_REM //
;// SE_AUDITID_GLOBAL_GROUP_DELETED //
;// SE_AUDITID_LOCAL_GROUP_CREATED //
;// SE_AUDITID_LOCAL_GROUP_CHANGE //
;// SE_AUDITID_LOCAL_GROUP_ADD //
;// SE_AUDITID_LOCAL_GROUP_REM //
;// SE_AUDITID_LOCAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM //
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED //
;// //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM //
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED //
;// //
;// SE_AUDITID_APP_BASIC_GROUP_CREATED //
;// SE_AUDITID_APP_BASIC_GROUP_CHANGE //
;// SE_AUDITID_APP_BASIC_GROUP_ADD //
;// SE_AUDITID_APP_BASIC_GROUP_REM //
;// SE_AUDITID_APP_BASIC_GROUP_NM_ADD //
;// SE_AUDITID_APP_BASIC_GROUP_NM_REM //
;// SE_AUDITID_APP_BASIC_GROUP_DELETED //
;// //
;// SE_AUDITID_APP_QUERY_GROUP_CREATED //
;// SE_AUDITID_APP_QUERY_GROUP_CHANGE //
;// SE_AUDITID_APP_QUERY_GROUP_DELETED //
;// //
;// SE_AUDITID_GROUP_TYPE_CHANGE //
;// //
;// SE_AUDITID_ADD_SID_HISTORY //
;// //
;// SE_AUDITID_OTHER_ACCOUNT_CHANGE //
;// SE_AUDITID_DOMAIN_POLICY_CHANGE //
;// SE_AUDITID_ACCOUNT_AUTO_LOCKED //
;// SE_AUDITID_ACCOUNT_UNLOCKED //
;// SE_AUDITID_SECURE_ADMIN_GROUP //
;// //
;// SE_AUDITID_PASSWORD_POLICY_API_CALLED //
;// //
;// SE_AUDITID_DSRM_PASSWORD_SET //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_USER_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new user account
;//
;// 2 - domain of new user account
;//
;// 3 - SID string of new user account
;//
;// 4 - User name of subject creating the user account
;//
;// 5 - Domain name of subject creating the user account
;//
;// 6 - Logon ID string of subject creating the user account
;//
;// 7 - Privileges used to create the user account
;//
;// 8 - 25 - attributes of the new account, in the order the message text
;// below prints them: Sam Account Name, Display Name,
;// User Principal Name, Home Directory, Home Drive, Script Path,
;// Profile Path, User Workstations, Password Last Set,
;// Account Expires, Primary Group ID, AllowedToDelegateTo,
;// Old UAC Value, New UAC Value, User Account Control,
;// User Parameters, Sid History, Logon Hours
;//
;// Note: the 'Privileges' label in the message text has no trailing colon,
;// unlike the same label in most other account management messages.
;//
;//
MessageId=0x0270
SymbolicName=SE_AUDITID_USER_CREATED
Language=English
User Account Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges%t%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tDisplay Name:%t%9%n
%tUser Principal Name:%t%10%n
%tHome Directory:%t%11%n
%tHome Drive:%t%12%n
%tScript Path:%t%13%n
%tProfile Path:%t%14%n
%tUser Workstations:%t%15%n
%tPassword Last Set:%t%16%n
%tAccount Expires:%t%17%n
%tPrimary Group ID:%t%18%n
%tAllowedToDelegateTo:%t%19%n
%tOld UAC Value:%t%20%n
%tNew UAC Value:%t%21%n
%tUser Account Control:%t%22%n
%tUser Parameters:%t%23%n
%tSid History:%t%24%n
%tLogon Hours:%t%25%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_TYPE_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// MessageId 0x271 unused
;//
;//
;//
;// SE_AUDITID_USER_ENABLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0272
SymbolicName=SE_AUDITID_USER_ENABLED
Language=English
User Account Enabled:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_USER_PWD_CHANGED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0273
SymbolicName=SE_AUDITID_USER_PWD_CHANGED
Language=English
Change Password Attempt:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_USER_PWD_SET
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0274
SymbolicName=SE_AUDITID_USER_PWD_SET
Language=English
User Account password set:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_USER_DISABLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x0275
SymbolicName=SE_AUDITID_USER_DISABLED
Language=English
User Account Disabled:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_USER_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0276
SymbolicName=SE_AUDITID_USER_DELETED
Language=English
User Account Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x0277
SymbolicName=SE_AUDITID_GLOBAL_GROUP_CREATED
Language=English
Security Enabled Global Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being added
;//
;// 2 - ID of member being added (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x0278
SymbolicName=SE_AUDITID_GLOBAL_GROUP_ADD
Language=English
Security Enabled Global Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being removed
;//
;// 2 - ID of member being removed (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x0279
SymbolicName=SE_AUDITID_GLOBAL_GROUP_REM
Language=English
Security Enabled Global Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027A
SymbolicName=SE_AUDITID_GLOBAL_GROUP_DELETED
Language=English
Security Enabled Global Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x027B
SymbolicName=SE_AUDITID_LOCAL_GROUP_CREATED
Language=English
Security Enabled Local Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being added
;//
;// 2 - ID of member being added (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x027C
SymbolicName=SE_AUDITID_LOCAL_GROUP_ADD
Language=English
Security Enabled Local Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being removed
;//
;// 2 - ID of member being removed (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x027D
SymbolicName=SE_AUDITID_LOCAL_GROUP_REM
Language=English
Security Enabled Local Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027E
SymbolicName=SE_AUDITID_LOCAL_GROUP_DELETED
Language=English
Security Enabled Local Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_LOCAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x027F
SymbolicName=SE_AUDITID_LOCAL_GROUP_CHANGE
Language=English
Security Enabled Local Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_OTHER_ACCOUNT_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - Type of change (sigh, this isn't localizable)
;//
;// 2 - Type of changed object
;//
;// 3 - Name of changed object
;//
;// 4 - ID of changed object (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0280
SymbolicName=SE_AUDITID_OTHER_ACCOUNT_CHANGE
Language=English
General Account Database Change:%n
%tType of change:%t%1%n
%tObject Type:%t%2%n
%tObject Name:%t%3%n
%tObject ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
.
;//
;//
;// SE_AUDITID_GLOBAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0281
SymbolicName=SE_AUDITID_GLOBAL_GROUP_CHANGE
Language=English
Security Enabled Global Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_USER_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - not referenced by the message text below
;// NOTE(review): confirm what the caller passes in this slot
;//
;// 2 - name of target user account
;//
;// 3 - domain of target user account
;//
;// 4 - SID string of target user account
;//
;// 5 - User name of subject changing the user account
;//
;// 6 - Domain name of subject changing the user account
;//
;// 7 - Logon ID string of subject changing the user account
;//
;// 8 - Privileges (as labelled in the message text)
;//
;// 9 - 26 - changed attributes, in the order the message text prints
;// them: Sam Account Name, Display Name, User Principal Name,
;// Home Directory, Home Drive, Script Path, Profile Path,
;// User Workstations, Password Last Set, Account Expires,
;// Primary Group ID, AllowedToDelegateTo, Old UAC Value,
;// New UAC Value, User Account Control, User Parameters,
;// Sid History, Logon Hours
;//
;//
MessageId=0x0282
SymbolicName=SE_AUDITID_USER_CHANGE
Language=English
User Account Changed:%n
%tTarget Account Name:%t%2%n
%tTarget Domain:%t%3%n
%tTarget Account ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
%tPrivileges:%t%8%n
Changed Attributes:%n
%tSam Account Name:%t%9%n
%tDisplay Name:%t%10%n
%tUser Principal Name:%t%11%n
%tHome Directory:%t%12%n
%tHome Drive:%t%13%n
%tScript Path:%t%14%n
%tProfile Path:%t%15%n
%tUser Workstations:%t%16%n
%tPassword Last Set:%t%17%n
%tAccount Expires:%t%18%n
%tPrimary Group ID:%t%19%n
%tAllowedToDelegateTo:%t%20%n
%tOld UAC Value:%t%21%n
%tNew UAC Value:%t%22%n
%tUser Account Control:%t%23%n
%tUser Parameters:%t%24%n
%tSid History:%t%25%n
%tLogon Hours:%t%26%n
.
;//
;//
;// SE_AUDITID_DOMAIN_POLICY_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - printed in the first line of the message ("%1 modified")
;// NOTE(review): this slot was previously documented as unused;
;// confirm what the caller passes
;//
;// 2 - name of the domain
;//
;// 3 - ID of the domain (SID string, going by the other 'ID' fields
;// in this file)
;//
;// 4 - User name of subject changing the policy
;//
;// 5 - Domain name of subject changing the policy
;//
;// 6 - Logon ID string of subject changing the policy
;//
;// 7 - Privileges (as labelled in the message text)
;//
;// 8 - 20 - changed attributes, in the order the message text prints
;// them: Min. Password Age, Max. Password Age, Force Logoff,
;// Lockout Threshold, Lockout Observation Window,
;// Lockout Duration, Password Properties, Min. Password Length,
;// Password History Length, Machine Account Quota,
;// Mixed Domain Mode, Domain Behavior Version, OEM Information
;//
;//
MessageId=0x0283
SymbolicName=SE_AUDITID_DOMAIN_POLICY_CHANGE
Language=English
Domain Policy Changed: %1 modified%n
%tDomain Name:%t%t%2%n
%tDomain ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tMin. Password Age:%t%8%n
%tMax. Password Age:%t%9%n
%tForce Logoff:%t%10%n
%tLockout Threshold:%t%11%n
%tLockout Observation Window:%t%12%n
%tLockout Duration:%t%13%n
%tPassword Properties:%t%14%n
%tMin. Password Length:%t%15%n
%tPassword History Length:%t%16%n
%tMachine Account Quota:%t%17%n
%tMixed Domain Mode:%t%18%n
%tDomain Behavior Version:%t%19%n
%tOEM Information:%t%20%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_AUTO_LOCKED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Type: success / failure
;//
;// Description: This event is generated when an account is auto locked. This happens
;// when a user attempts to log in unsuccessfully multiple times. The exact
;// number of times is specified by the administrator.
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - labelled 'Caller Machine Name' in the message text below
;// NOTE(review): this slot was previously documented as the domain
;// of the target user account; confirm which of the two the
;// caller actually passes
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;// Note: the message text prints parameter 3 before parameter 2, so the
;// printed field order does not follow the parameter numbering.
;//
;//
MessageId=0x0284
SymbolicName=SE_AUDITID_ACCOUNT_AUTO_LOCKED
Language=English
User Account Locked Out:%n
%tTarget Account Name:%t%1%n
%tTarget Account ID:%t%3%n
%tCaller Machine Name:%t%2%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_COMPUTER_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new computer account
;//
;// 2 - domain of new computer account
;//
;// 3 - SID string of new computer account
;//
;// 4 - User name of subject creating the computer account
;//
;// 5 - Domain name of subject creating the computer account
;//
;// 6 - Logon ID string of subject creating the computer account
;//
;// 7 - Privileges used to create the computer account
;//
;// 8 - 27 - attributes of the new account, in the order the message text
;// below prints them: Sam Account Name, Display Name,
;// User Principal Name, Home Directory, Home Drive, Script Path,
;// Profile Path, User Workstations, Password Last Set,
;// Account Expires, Primary Group ID, AllowedToDelegateTo,
;// Old UAC Value, New UAC Value, User Account Control,
;// User Parameters, Sid History, Logon Hours, DNS Host Name,
;// Service Principal Names
;//
;// Note: the 'Privileges' label in the message text has no trailing colon,
;// unlike the same label in most other account management messages.
;//
;//
MessageId=0x0285
SymbolicName=SE_AUDITID_COMPUTER_CREATED
Language=English
Computer Account Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges%t%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tDisplay Name:%t%9%n
%tUser Principal Name:%t%10%n
%tHome Directory:%t%11%n
%tHome Drive:%t%12%n
%tScript Path:%t%13%n
%tProfile Path:%t%14%n
%tUser Workstations:%t%15%n
%tPassword Last Set:%t%16%n
%tAccount Expires:%t%17%n
%tPrimary Group ID:%t%18%n
%tAllowedToDelegateTo:%t%19%n
%tOld UAC Value:%t%20%n
%tNew UAC Value:%t%21%n
%tUser Account Control:%t%22%n
%tUser Parameters:%t%23%n
%tSid History:%t%24%n
%tLogon Hours:%t%25%n
%tDNS Host Name:%t%26%n
%tService Principal Names:%t%27%n
.
;//
;//
;// SE_AUDITID_COMPUTER_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - printed on its own unlabelled line directly under the heading
;// NOTE(review): confirm what the caller passes in this slot
;//
;// 2 - name of target computer account
;//
;// 3 - domain of target computer account
;//
;// 4 - SID string of target computer account
;//
;// 5 - User name of subject changing the computer account
;//
;// 6 - Domain name of subject changing the computer account
;//
;// 7 - Logon ID string of subject changing the computer account
;//
;// 8 - Privileges (as labelled in the message text)
;//
;// 9 - 28 - changed attributes, in the order the message text prints
;// them: Sam Account Name, Display Name, User Principal Name,
;// Home Directory, Home Drive, Script Path, Profile Path,
;// User Workstations, Password Last Set, Account Expires,
;// Primary Group ID, AllowedToDelegateTo, Old UAC Value,
;// New UAC Value, User Account Control, User Parameters,
;// Sid History, Logon Hours, DNS Host Name,
;// Service Principal Names
;//
;//
MessageId=0x0286
SymbolicName=SE_AUDITID_COMPUTER_CHANGE
Language=English
Computer Account Changed:%n
%t%1%n
%tTarget Account Name:%t%2%n
%tTarget Domain:%t%3%n
%tTarget Account ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
%tPrivileges:%t%8%n
Changed Attributes:%n
%tSam Account Name:%t%9%n
%tDisplay Name:%t%10%n
%tUser Principal Name:%t%11%n
%tHome Directory:%t%12%n
%tHome Drive:%t%13%n
%tScript Path:%t%14%n
%tProfile Path:%t%15%n
%tUser Workstations:%t%16%n
%tPassword Last Set:%t%17%n
%tAccount Expires:%t%18%n
%tPrimary Group ID:%t%19%n
%tAllowedToDelegateTo:%t%20%n
%tOld UAC Value:%t%21%n
%tNew UAC Value:%t%22%n
%tUser Account Control:%t%23%n
%tUser Parameters:%t%24%n
%tSid History:%t%25%n
%tLogon Hours:%t%26%n
%tDNS Host Name:%t%27%n
%tService Principal Names:%t%28%n
.
;//
;//
;// SE_AUDITID_COMPUTER_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0287
SymbolicName=SE_AUDITID_COMPUTER_DELETED
Language=English
Computer Account Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account (labelled 'Target Account Name' in
;// the message text below, not 'New Account Name' as in the other
;// group creation messages)
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;// 7 - Privileges (as labelled in the message text)
;//
;// 8 - Sam Account Name of the new group
;//
;// 9 - Sid History of the new group
;//
;//
MessageId=0x0288
SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CREATED
Language=English
Security Disabled Local Group Created:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0289
SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_CHANGE
Language=English
Security Disabled Local Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being added
;//
;// 2 - ID of member being added (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x028A
SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_ADD
Language=English
Security Disabled Local Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below uses them) -
;//
;// 1 - name of member being removed
;//
;// 2 - ID of member being removed (SID string, going by the other 'ID'
;// fields in this file)
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges (as labelled in the message text)
;//
;//
MessageId=0x028B
SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_REM
Language=English
Security Disabled Local Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028C
SymbolicName=SE_AUDITID_SECURITY_DISABLED_LOCAL_GROUP_DELETED
Language=English
Security Disabled Local Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x028D
SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CREATED
Language=English
Security Disabled Global Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028E
SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_CHANGE
Language=English
Security Disabled Global Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x028F
SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_ADD
Language=English
Security Disabled Global Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0290
SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_REM
Language=English
Security Disabled Global Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0291
SymbolicName=SE_AUDITID_SECURITY_DISABLED_GLOBAL_GROUP_DELETED
Language=English
Security Disabled Global Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;// 7 - Privileges
;//
;// 8 - Sam Account Name attribute of the new group
;//
;// 9 - Sid History attribute of the new group
;//
;// Parameters 7-9 are taken from the message text below, which
;// consumes %1..%9.
;//
;//
MessageId=0x0292
SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CREATED
Language=English
Security Enabled Universal Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;// 7 - Privileges
;//
;// 8 - Sam Account Name (listed under "Changed Attributes")
;//
;// 9 - Sid History (listed under "Changed Attributes")
;//
;// Parameters 7-9 are taken from the message text below, which
;// consumes %1..%9.
;//
;//
MessageId=0x0293
SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_CHANGE
Language=English
Security Enabled Universal Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below consumes them) -
;//
;// 1 - name of member being added
;//
;// 2 - SID string of member being added
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;// NOTE(review): an earlier form of this list had seven entries and
;// started at the member SID; the message text uses %1..%9, so the list
;// above follows the message. Confirm against the code that builds the
;// parameter array before parsing inserts by position.
;//
;//
MessageId=0x0294
SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_ADD
Language=English
Security Enabled Universal Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below consumes them) -
;//
;// 1 - name of member being removed
;//
;// 2 - SID string of member being removed
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;// NOTE(review): an earlier form of this list had seven entries and
;// started at the member SID; the message text uses %1..%9, so the list
;// above follows the message. Confirm against the code that builds the
;// parameter array before parsing inserts by position.
;//
;//
MessageId=0x0295
SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_REM
Language=English
Security Enabled Universal Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;// 7 - Privileges (consumed by the message text below as %7)
;//
;//
MessageId=0x0296
SymbolicName=SE_AUDITID_SECURITY_ENABLED_UNIVERSAL_GROUP_DELETED
Language=English
Security Enabled Universal Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x0297
SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CREATED
Language=English
Security Disabled Universal Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0298
SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_CHANGE
Language=English
Security Disabled Universal Group Changed:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being added
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x0299
SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_ADD
Language=English
Security Disabled Universal Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - SID string of member being removed
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;//
MessageId=0x029A
SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_REM
Language=English
Security Disabled Universal Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x029B
SymbolicName=SE_AUDITID_SECURITY_DISABLED_UNIVERSAL_GROUP_DELETED
Language=English
Security Disabled Universal Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_GROUP_TYPE_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - nature of group type change (printed on its own line, with no
;// field label, directly under the heading)
;//
;// 2 - name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - User name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;// 8 - Privileges (consumed by the message text below as %8)
;//
;//
MessageId=0x029C
SymbolicName=SE_AUDITID_GROUP_TYPE_CHANGE
Language=English
Group Type Changed:%n
%t%1%n
%tTarget Account Name:%t%2%n
%tTarget Domain:%t%3%n
%tTarget Account ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
%tPrivileges:%t%8%n
.
;//
;//
;// SE_AUDITID_ADD_SID_HISTORY
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below labels them) -
;//
;// 1 - Name of the source account
;//
;// 2 - ID of the source account
;//
;// 3 - Name of the target account
;//
;// 4 - Domain of the target account
;//
;// 5 - ID of the target account
;//
;// 6 - User name of subject changing the SID history
;//
;// 7 - Domain name of subject changing the SID history
;//
;// 8 - Logon ID string of subject changing the SID history
;//
;// 9 - Privileges
;//
;// 10 - SidList
;//
;// NOTE(review): the previous form of this list had only six entries
;// and disagreed with the message labels: it gave 1 as the SID string
;// of the source account, 2 as the source account name (including
;// domain name), 4 as the subject's domain, 5 as the target SID and
;// 6 as the subject's logon ID. Which order the audit code really
;// passes cannot be told from this file; confirm against the caller
;// before any log parser relies on insert positions for this event.
;//
;//
MessageId=0x029D
SymbolicName=SE_AUDITID_ADD_SID_HISTORY
Language=English
Add SID History:%n
%tSource Account Name:%t%1%n
%tSource Account ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
%tSidList:%t%10%n
.
;//
;//
;// SE_AUDITID_ADD_SID_HISTORY_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;// Parameter Strings (as labelled by the message text below) -
;//
;// 1 - Name of the source account
;// 2 - Name of the target account
;// 3 - Domain of the target account
;// 4 - ID of the target account
;// 5 - User name of the caller
;// 6 - Domain of the caller
;// 7 - Logon ID of the caller
;// 8 - Privileges
;//
;// The heading line is the same text as SE_AUDITID_ADD_SID_HISTORY
;// (0x029D), and the field layout differs (8 inserts here, 10 there),
;// so tell the two apart by event id, not by the rendered heading.
;//
;//
;//
MessageId=0x029E
SymbolicName=SE_AUDITID_ADD_SID_HISTORY_FAILURE
Language=English
Add SID History:%n
%tSource Account Name:%t%1%n
%tTarget Account Name:%t%2%n
%tTarget Domain:%t%3%n
%tTarget Account ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
%tPrivileges:%t%8%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_UNLOCKED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - name of target user account
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;//
MessageId=0x029F
SymbolicName=SE_AUDITID_ACCOUNT_UNLOCKED
Language=English
User Account Unlocked:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
.
;//
;//
;// SE_AUDITID_SECURE_ADMIN_GROUP
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - (unused); the message text below still prints it under
;// "Target Account Name", so that field may render empty
;//
;// 2 - domain of target user account
;//
;// 3 - SID string of target user account
;//
;// 4 - User name of subject changing the user account
;//
;// 5 - Domain name of subject changing the user account
;//
;// 6 - Logon ID string of subject changing the user account
;//
;// 7 - Privileges (consumed by the message text below as %7)
;//
;//
;//
MessageId=0x02AC
SymbolicName=SE_AUDITID_SECURE_ADMIN_GROUP
Language=English
Set ACLs of members in administrators groups:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_NAME_CHANGE
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings (numbered as the message text below labels them) -
;//
;// 1 - old name of target account
;//
;// 2 - new name of target account
;//
;// 3 - domain of target account
;//
;// 4 - SID string of target account
;//
;// 5 - Account name of subject changing the account
;//
;// 6 - Domain name of subject changing the account
;//
;// 7 - Logon ID string of subject changing the account
;//
;// 8 - Privileges
;//
;// NOTE(review): the previous form of this list had six entries with a
;// single target name at 1; the message text takes an old and a new
;// name and uses %1..%8. Confirm the order against the audit caller.
;//
;//
;//
MessageId=0x02AD
SymbolicName=SE_AUDITID_ACCOUNT_NAME_CHANGE
Language=English
Account Name Changed:%n
%tOld Account Name:%t%1%n
%tNew Account Name:%t%2%n
%tTarget Domain:%t%t%3%n
%tTarget Account ID:%t%4%n
%tCaller User Name:%t%5%n
%tCaller Domain:%t%6%n
%tCaller Logon ID:%t%7%n
%tPrivileges:%t%8%n
.
;//
;//
;// SE_AUDITID_PASSWORD_HASH_ACCESS
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Event Type : success/failure
;//
;// Description:
;// This event is generated when user password hashes are retrieved
;// by the ADMT password filter DLL. This typically happens during
;// ADMT password migration.
;//
;// Notes:
;// To migrate passwords, a DLL (name?) gets loaded in lsass.exe as
;// a password filter. This filter registers an RPC interface used by ADMT
;// to request password migration. One SE_AUDITID_PASSWORD_HASH_ACCESS event
;// is generated per password fetched.
;//
;// Parameter Strings (as labelled by the message text below) -
;//
;// 1 - name of the user whose password was accessed
;// 2 - domain of that user
;// 3 - User name of the caller
;// 4 - Domain of the caller
;// 5 - Logon ID of the caller
;//
;// NOTE(review): since one event is logged per password fetched, a
;// migration run shows up as a burst of these events; occurrences with
;// no migration in progress are presumably worth investigating. Verify
;// against how the event is raised before building a rule on it.
;//
;//
MessageId=0x02AE
SymbolicName=SE_AUDITID_PASSWORD_HASH_ACCESS
Language=English
Password of the following user accessed:%n
%tTarget User Name:%t%1%n
%tTarget User Domain:%t%t%2%n
By user:%n
%tCaller User Name:%t%3%n
%tCaller Domain:%t%t%4%n
%tCaller Logon ID:%t%t%5%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_CREATED
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_CREATED
;//
;// NOTE(review): the Category line above repeats the event's own name
;// instead of an SE_CATEGID_* value. The group events before this one
;// are in SE_CATEGID_ACCOUNT_MANAGEMENT; presumably this one is too.
;// Confirm before correcting the line.
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;// 7 - Privileges
;//
;// 8 - Sam Account Name attribute of the new group
;//
;// 9 - Sid History attribute of the new group
;//
;// Parameters 7-9 are taken from the message text below, which
;// consumes %1..%9.
;//
;//
MessageId=0x02AF
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_CREATED
Language=English
Basic Application Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_CHANGE
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_CHANGE
;//
;// NOTE(review): the Category line above repeats the event's own name
;// instead of an SE_CATEGID_* value; presumably the category is
;// SE_CATEGID_ACCOUNT_MANAGEMENT, as for the other group events.
;// Confirm before correcting the line.
;//
;// Parameter Strings -
;//
;// 1 - name of group account
;//
;// 2 - domain of group account
;//
;// 3 - SID string of group account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;// 7 - Privileges
;//
;// 8 - Sam Account Name (listed under "Changed Attributes")
;//
;// 9 - Sid History (listed under "Changed Attributes")
;//
;// NOTE(review): the message text labels parameters 1-3 "New Account
;// Name / New Domain / New Account ID" although they identify the
;// existing group being changed; the other *_GROUP_CHANGE messages in
;// this file label them "Target ...". The labels are runtime text and
;// are left as they are here; readers of the rendered event should not
;// take "New" to mean a group was created.
;//
;//
MessageId=0x02B0
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_CHANGE
Language=English
Basic Application Group Changed:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_ADD
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_ADD
;//
;// Parameter Strings -
;//
;// 1 - name of member being added
;//
;// 2 - string SID of member being added
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B1
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_ADD
Language=English
Basic Application Group Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_REM
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_REM
;//
;// Parameter Strings -
;//
;// 1 - name of member being removed
;//
;// 2 - string SID of member being removed
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B2
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_REM
Language=English
Basic Application Group Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_NM_ADD
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_NM_ADD
;//
;// Parameter Strings -
;//
;// 1 - name of non-member being added
;//
;// 2 - string SID of non-member being added
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B3
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_NM_ADD
Language=English
Basic Application Group Non-Member Added:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_NM_REM
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_NM_REM
;//
;// Parameter Strings -
;//
;// 1 - name of non-member being removed
;//
;// 2 - string SID of non-member being removed
;//
;// 3 - name of target account
;//
;// 4 - domain of target account
;//
;// 5 - SID string of target account
;//
;// 6 - User name of subject changing the account
;//
;// 7 - Domain name of subject changing the account
;//
;// 8 - Logon ID string of subject changing the account
;//
;// 9 - Privileges
;//
;//
MessageId=0x02B4
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_NM_REM
Language=English
Basic Application Group Non-Member Removed:%n
%tMember Name:%t%1%n
%tMember ID:%t%2%n
%tTarget Account Name:%t%3%n
%tTarget Domain:%t%4%n
%tTarget Account ID:%t%5%n
%tCaller User Name:%t%6%n
%tCaller Domain:%t%7%n
%tCaller Logon ID:%t%8%n
%tPrivileges:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_BASIC_GROUP_DELETED
;//
;// Category: SE_AUDITID_APP_BASIC_GROUP_DELETED
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B5
SymbolicName=SE_AUDITID_APP_BASIC_GROUP_DELETED
Language=English
Basic Application Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_CREATED
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_CREATED
;//
;// Parameter Strings -
;//
;// 1 - name of new group account
;//
;// 2 - domain of new group account
;//
;// 3 - SID string of new group account
;//
;// 4 - User name of subject creating the account
;//
;// 5 - Domain name of subject creating the account
;//
;// 6 - Logon ID string of subject creating the account
;//
;//
MessageId=0x02B6
SymbolicName=SE_AUDITID_APP_QUERY_GROUP_CREATED
Language=English
LDAP Query Group Created:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_CHANGE
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_CHANGE
;//
;// NOTE(review): the Category line above repeats the event's own name
;// instead of an SE_CATEGID_* value; presumably the category is
;// SE_CATEGID_ACCOUNT_MANAGEMENT, as for the other group events.
;// Confirm before correcting the line.
;//
;// Parameter Strings -
;//
;// 1 - name of group account
;//
;// 2 - domain of group account
;//
;// 3 - SID string of group account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;// 7 - Privileges
;//
;// 8 - Sam Account Name (listed under "Changed Attributes")
;//
;// 9 - Sid History (listed under "Changed Attributes")
;//
;// NOTE(review): the message text labels parameters 1-3 "New Account
;// Name / New Domain / New Account ID" although they identify the
;// existing group being changed; the labels are runtime text and are
;// left as they are here. Readers of the rendered event should not
;// take "New" to mean a group was created.
;//
;//
MessageId=0x02B7
SymbolicName=SE_AUDITID_APP_QUERY_GROUP_CHANGE
Language=English
LDAP Query Group Changed:%n
%tNew Account Name:%t%1%n
%tNew Domain:%t%2%n
%tNew Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
Changed Attributes:%n
%tSam Account Name:%t%8%n
%tSid History:%t%9%n
.
;//
;//
;// SE_AUDITID_APP_QUERY_GROUP_DELETED
;//
;// Category: SE_AUDITID_APP_QUERY_GROUP_DELETED
;//
;// Parameter Strings -
;//
;// 1 - name of target account
;//
;// 2 - domain of target account
;//
;// 3 - SID string of target account
;//
;// 4 - User name of subject changing the account
;//
;// 5 - Domain name of subject changing the account
;//
;// 6 - Logon ID string of subject changing the account
;//
;//
MessageId=0x02B8
SymbolicName=SE_AUDITID_APP_QUERY_GROUP_DELETED
Language=English
LDAP Query Group Deleted:%n
%tTarget Account Name:%t%1%n
%tTarget Domain:%t%2%n
%tTarget Account ID:%t%3%n
%tCaller User Name:%t%4%n
%tCaller Domain:%t%5%n
%tCaller Logon ID:%t%6%n
%tPrivileges:%t%7%n
.
;//
;//
;// SE_AUDITID_PASSWORD_POLICY_API_CALLED
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - Name of the account making this call
;// 2 - Domain of the account making this call
;// 3 - Authentication ID of the logon session
;// 4 - Caller Workstation IP
;// 5 - Target AccountName; the message text labels it "Provided User
;// Name (unauthenticated)", i.e. a value supplied with the call and
;// not verified. Treat it as untrusted input when correlating
;// events; the caller identity is in parameters 1-3.
;// 6 - Status Code
;//
MessageId=0x02B9
SymbolicName=SE_AUDITID_PASSWORD_POLICY_API_CALLED
Language=English
Password Policy Checking API is called:%n
%tCaller Username:%t%1%n
%tCaller Domain:%t%2%n
%tCaller Logon ID:%t%3%n
%tCaller Workstation:%t%4%n
%tProvided User Name (unauthenticated):%t%5%n
%tStatus Code:%t%6%n
.
;//
;//
;// SE_AUDITID_DSRM_PASSWORD_SET
;//
;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
;//
;// Parameter Strings -
;//
;// 1 - Name of the account making this call
;// 2 - Domain of the account making this call
;// 3 - Authentication ID of the logon session
;// 4 - Caller Workstation IP
;// 5 - Status code
;//
;// The message text reports an attempt, not a completed change; the
;// result has to be read from the status code (parameter 5).
;// NOTE(review): presumably the event's success/failure type reflects
;// the same result; confirm against the code that raises the event.
;//
MessageId=0x02BA
SymbolicName=SE_AUDITID_DSRM_PASSWORD_SET
Language=English
An attempt to set the Directory Services Restore Mode
administrator password has been made.%n
%tCaller Username:%t%1%n
%tCaller Domain:%t%2%n
%tCaller Logon ID:%t%3%n
%tCaller Workstation:%t%4%n
%tStatus Code:%t%5%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_DS_ACCESS //
;// //
;// Event IDs: //
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED //
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED //
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED //
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED //
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS //
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS //
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION //
;// SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN //
;// SE_AUDITID_REPLICA_FAILURE_EVENT_END //
;// SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVAL //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication source reference has been added to
;// a destination naming context establishing a replication partnership.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0340
SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tSource Addr:%t%3%n
%tNaming Context:%t%4%n
%tOptions:%t%5%n
%tStatus Code:%t%6%n
.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication partnership between a source and
;// the destination for a given naming context has been removed.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0341
SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_REMOVED
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tSource Addr:%t%3%n
%tNaming Context:%t%4%n
%tOptions:%t%5%n
%tStatus Code:%t%6%n
.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication source associated with
;// a destination naming context has been modified.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0342
SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tSource Addr:%t%3%n
%tNaming Context:%t%4%n
%tOptions:%t%5%n
%tStatus Code:%t%6%n
.
;//
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This is generated when a replication destination associated with
;// a source naming context has been modified.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0343
SymbolicName=SE_AUDITID_REPLICA_DEST_NC_MODIFIED
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tDest. Addr:%t%3%n
%tNaming Context:%t%4%n
%tOptions:%t%5%n
%tStatus Code:%t%6%n
.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success
;//
;// Description:
;// This event records the start of a replication protocol session between
;// the destination replica NC and one of its source replicas.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0344
SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tNaming Context:%t%3%n
%tOptions:%t%4%n
%tSession ID:%t%5%n
%tStart USN:%t%6%n
.
;//
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records the end of a replication protocol session between
;// the destination replica NC and one of its source replicas.
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0345
SymbolicName=SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tNaming Context:%t%3%n
%tOptions:%t%4%n
%tSession ID:%t%5%n
%tEnd USN:%t%6%n
%tStatus Code:%t%7%n
.
;//
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records the completion of replication of a single
;// attribute of an object.
;//
;// Note:
;// -- This event is always generated in the local system context.
;// -- This event is generated if
;// -- SE_CATEGID_DS_ACCESS is enabled AND
;// -- the value of
;// SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditDSObjectsInReplication
;// is set to 1
;// (the registry hive is not stated here; presumably
;// HKEY_LOCAL_MACHINE - TODO confirm)
;//
;// Parameter Strings (as labelled by the message text below) -
;//
;// 1 - Session ID
;// 2 - Object
;// 3 - Attribute
;// 4 - Type of change
;// 5 - New Value
;// 6 - USN
;// 7 - Status Code
;//
;// NOTE(review): one event is recorded per replicated attribute and the
;// message prints the attribute's new value, so enabling this audit
;// presumably raises Security log volume and copies directory attribute
;// values into the log. Confirm which attributes are reported before
;// enabling it, and size and protect the log accordingly.
;//
MessageId=0x0346
SymbolicName=SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION
Language=English
%tSession ID:%t%1%n
%tObject:%t%2%n
%tAttribute:%t%3%n
%tType of change:%t%4%n
%tNew Value:%t%5%n
%tUSN:%t%6%n
%tStatus Code:%t%7%n
.
;//
;// SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : failure
;//
;// Description:
;// This event records an inability to gather enough data to successfully
;// record *before* one of the following replication events which were not
;// executed:
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0347
SymbolicName=SE_AUDITID_REPLICA_FAILURE_EVENT_BEGIN
Language=English
%tReplication Event:%t%1%n
%tAudit Status Code:%t%2%n
.
;//
;// SE_AUDITID_REPLICA_FAILURE_EVENT_END
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records an inability to gather enough data to successfully
;// record *after* one of the following replication events, which may or
;// may not have executed successfully:
;// SE_AUDITID_REPLICA_SOURCE_NC_ESTABLISHED
;// SE_AUDITID_REPLICA_SOURCE_NC_REMOVED
;// SE_AUDITID_REPLICA_SOURCE_NC_MODIFIED
;// SE_AUDITID_REPLICA_DEST_NC_MODIFIED
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_BEGINS
;// SE_AUDITID_REPLICA_SOURCE_NC_SYNC_ENDS
;// SE_AUDITID_REPLICA_OBJ_ATTR_REPLICATION
;//
;// Note:
;// This event is always generated in the local system context.
;//
MessageId=0x0348
SymbolicName=SE_AUDITID_REPLICA_FAILURE_EVENT_END
Language=English
%tReplication Event:%t%1%n
%tAudit Status Code:%t%2%n
%tReplication Status Code:%t%3%n
.
;//
;// SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVAL
;//
;// Category: SE_CATEGID_DS_ACCESS
;//
;// Event Type : success/failure
;//
;// Description:
;// This event records an attempt made by the replication lingering
;// object removal mechanism to delete and garbage collect an object.
;//
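;// Note:
;// This event is always generated in the local system context.
;//
;// NOTE(review): the SymbolicName below ends in a stray "v"
;// (SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVALv), unlike the name used
;// in this header. Confirm which spelling the consumers of the generated
;// .h use before renaming it.
;//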
MessageId=0x0349
SymbolicName=SE_AUDITID_REPLICA_LINGERING_OBJECT_REMOVALv
Language=English
%tDestination DRA:%t%1%n
%tSource DRA:%t%2%n
%tObject:%t%3%n
%tOptions:%t%4%n
%tStatus Code:%t%5%n
.
;
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_ACCOUNT_LOGON //
;// //
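;// Event IDs: //
;// SE_AUDITID_AS_TICKET //
;// SE_AUDITID_AS_TICKET_FAILURE (obsolete) //
;// SE_AUDITID_TGS_TICKET_REQUEST //
;// SE_AUDITID_TICKET_RENEW_SUCCESS //
;// SE_AUDITID_PREAUTH_FAILURE //
;// SE_AUDITID_TGS_TICKET_FAILURE (obsolete) //
;// SE_AUDITID_ACCOUNT_MAPPED //
;// SE_AUDITID_ACCOUNT_NOT_MAPPED (obsolete) //
;// SE_AUDITID_ACCOUNT_LOGON //
;// SE_AUDITID_ACCOUNT_LOGON_FAILURE (obsolete) //
;// //
;// Also defined in this section, but Category: SE_CATEGID_LOGON: //
;// SE_AUDITID_SESSION_RECONNECTED //
;// SE_AUDITID_SESSION_DISCONNECTED //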
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_AS_TICKET
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Supplied realm name
;//
;// 3 - SID of client user
;//
;// 4 - User name of service
;//
;// 5 - SID of service
;//
;// 6 - Ticket Options
;//
;// 7 - Failure code
;//
;// 8 - Ticket Encryption Type
;//
;// 9 - Preauthentication type (i.e. PK_INIT)
;//
;// 10 - Client IP address
;//
;// 11 - Certificate Issuer Name
;//
;// 12 - Certificate Serial Number
;//
;// 13 - Certificate Thumbprint
;//
MessageId=0x02a0
SymbolicName=SE_AUDITID_AS_TICKET
Language=English
Authentication Ticket Request:%n
%tUser Name:%t%t%1%n
%tSupplied Realm Name:%t%2%n
%tUser ID:%t%t%t%3%n
%tService Name:%t%t%4%n
%tService ID:%t%t%5%n
%tTicket Options:%t%t%6%n
%tResult Code:%t%t%7%n
%tTicket Encryption Type:%t%8%n
%tPre-Authentication Type:%t%9%n
%tClient Address:%t%t%10%n
%tCertificate Issuer Name:%t%11%n
%tCertificate Serial Number:%t%12%n
%tCertificate Thumbprint:%t%13%n
.
;//
;//
;// SE_AUDITID_AS_TICKET_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;//
MessageId=0x02a4
SymbolicName=SE_AUDITID_AS_TICKET_FAILURE
Language=English
Authentication Ticket Request Failed:%n
%tUser Name:%t%1%n
%tSupplied Realm Name:%t%2%n
%tService Name:%t%3%n
%tTicket Options:%t%4%n
%tFailure Code:%t%5%n
%tClient Address:%t%6%n
.
;//
;//
;// SE_AUDITID_TGS_TICKET_REQUEST
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Domain name of client
;//
;// 3 - User name of service
;//
;// 4 - SID of service
;//
;// 5 - Ticket Options
;//
;// 6 - Ticket Encryption Type
;//
;// 7 - Client IP address
;//
;// 8 - Failure code (0 for success)
;//
;// 9 - logon GUID
;//
;// 10 - Transited Services
;//
MessageId=0x02a1
SymbolicName=SE_AUDITID_TGS_TICKET_REQUEST
Language=English
Service Ticket Request:%n
%tUser Name:%t%t%1%n
%tUser Domain:%t%t%2%n
%tService Name:%t%t%3%n
%tService ID:%t%t%4%n
%tTicket Options:%t%t%5%n
%tTicket Encryption Type:%t%6%n
%tClient Address:%t%t%7%n
%tFailure Code:%t%t%8%n
%tLogon GUID:%t%t%9%n
%tTransited Services:%t%10%n
.
;//
;//
;// SE_AUDITID_TICKET_RENEW_SUCCESS
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - Domain name of client
;//
;// 3 - User name of service
;//
;// 4 - SID of service
;//
;// 5 - Ticket Options
;//
;// 6 - Ticket Encryption Type
;//
;// 7 - Client IP address
;//
MessageId=0x02a2
SymbolicName=SE_AUDITID_TICKET_RENEW_SUCCESS
Language=English
Service Ticket Renewed:%n
%tUser Name:%t%1%n
%tUser Domain:%t%2%n
%tService Name:%t%3%n
%tService ID:%t%4%n
%tTicket Options:%t%5%n
%tTicket Encryption Type:%t%6%n
%tClient Address:%t%7%n
.
;//
;//
;// SE_AUDITID_PREAUTH_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User name of client
;//
;// 2 - SID of client user
;//
;// 3 - User name of service
;//
;// 4 - Preauth Type
;//
;// 5 - Failure code
;//
;// 6 - Client IP address
;//
;// Event type: failure
;// Description: This event is generated on a KDC when
;// preauthentication fails (for example, the user types in a wrong
;// password); parameter 5 carries the failure code.
;//
MessageId=0x02a3
SymbolicName=SE_AUDITID_PREAUTH_FAILURE
Language=English
Pre-authentication failed:%n
%tUser Name:%t%1%n
%tUser ID:%t%t%2%n
%tService Name:%t%3%n
%tPre-Authentication Type:%t%4%n
%tFailure Code:%t%5%n
%tClient Address:%t%6%n
.
;//
;//
;// SE_AUDITID_TGS_TICKET_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
MessageId=0x02a5
SymbolicName=SE_AUDITID_TGS_TICKET_FAILURE
Language=English
Service Ticket Request Failed:%n
%tUser Name:%t%1%n
%tUser Domain:%t%2%n
%tService Name:%t%3%n
%tTicket Options:%t%4%n
%tFailure Code:%t%5%n
%tClient Address:%t%6%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_MAPPED
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Type: success / failure
;//
;// Description: An account mapping is a map of a user authenticated in an MIT realm to a
;// domain account. A mapping acts much like a logon. Hence, it is important to audit this.
;//
;// Parameter Strings -
;//
;// 1 - Source
;//
;// 2 - Client Name
;//
;// 3 - Mapped Name
;//
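;//
;// NOTE(review): in the message text below only the "Mapped Name:" label
;// starts with %t; "Mapping Attempted By:" and "Client Name:" do not.
;// This looks unintentional. Confirm before changing it, since existing
;// log parsers may match the current layout.
;//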
MessageId=0x02a6
SymbolicName=SE_AUDITID_ACCOUNT_MAPPED
Language=English
Account Mapped for Logon.%n
Mapping Attempted By:%n
%t%1%n
Client Name:%n
%t%2%n
%tMapped Name:%n
%t%3%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_NOT_MAPPED
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
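;//
;// Parameter Strings -
;//
;// 1 - Source that attempted the mapping (printed after "by:")
;//
;// 2 - Name that could not be mapped
;//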
MessageId=0x02a7
SymbolicName=SE_AUDITID_ACCOUNT_NOT_MAPPED
Language=English
The name:%n
%t%2%n
could not be mapped for logon by:
%t%1%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_LOGON
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Type: Success / Failure
;//
;// Description: This audits a logon attempt. The audit appears on the DC.
;// This is generated by calling LogonUser.
;//
;//
MessageId=0x02a8
SymbolicName=SE_AUDITID_ACCOUNT_LOGON
Language=English
Logon attempt by:%t%1%n
Logon account:%t%2%n
Source Workstation:%t%3%n
Error Code:%t%4%n
.
;//
;//
;// SE_AUDITID_ACCOUNT_LOGON_FAILURE
;//
;// Category: SE_CATEGID_ACCOUNT_LOGON
;//
;// Note:
;// This event is obsolete. It is not generated by Whistler.
;// It is retained in this file so that anybody viewing w2k events
;// from a whistler machine can view them correctly.
;//
;//
MessageId=0x02a9
SymbolicName=SE_AUDITID_ACCOUNT_LOGON_FAILURE
Language=English
The logon to account: %2%n
by: %1%n
from workstation: %3%n
failed. The error code was: %4%n
.
;//
;//
;// SE_AUDITID_SESSION_RECONNECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Session Name
;//
;// 5 - Client Name
;//
;// 6 - Client Address
;//
;//
MessageId=0x02aa
SymbolicName=SE_AUDITID_SESSION_RECONNECTED
Language=English
Session reconnected to winstation:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tSession Name:%t%4%n
%tClient Name:%t%5%n
%tClient Address:%t%6
.
;//
;//
;// SE_AUDITID_SESSION_DISCONNECTED
;//
;// Category: SE_CATEGID_LOGON
;//
;// Parameter Strings -
;//
;// 1 - User account name
;//
;// 2 - Authenticating domain name
;//
;// 3 - Logon ID string
;//
;// 4 - Session Name
;//
;// 5 - Client Name
;//
;// 6 - Client Address
;//
;//
MessageId=0x02ab
SymbolicName=SE_AUDITID_SESSION_DISCONNECTED
Language=English
Session disconnected from winstation:%n
%tUser Name:%t%1%n
%tDomain:%t%t%2%n
%tLogon ID:%t%t%3%n
%tSession Name:%t%4%n
%tClient Name:%t%5%n
%tClient Address:%t%6
.
;/////////////////////////////////////////////////////////////////////////////
;// //
;// //
;// Messages for Category: SE_CATEGID_OBJECT_ACCESS - CertSrv //
;// //
;// Event IDs: //
;// SE_AUDITID_CERTSRV_DENYREQUEST //
;// SE_AUDITID_CERTSRV_RESUBMITREQUEST //
;// SE_AUDITID_CERTSRV_REVOKECERT //
;// SE_AUDITID_CERTSRV_PUBLISHCRL //
;// SE_AUDITID_CERTSRV_AUTOPUBLISHCRL //
;// SE_AUDITID_CERTSRV_SETEXTENSION //
;// SE_AUDITID_CERTSRV_SETATTRIBUTES //
;// SE_AUDITID_CERTSRV_SHUTDOWN //
;// SE_AUDITID_CERTSRV_BACKUPSTART //
;// SE_AUDITID_CERTSRV_BACKUPEND //
;// SE_AUDITID_CERTSRV_RESTORESTART //
;// SE_AUDITID_CERTSRV_RESTOREEND //
;// SE_AUDITID_CERTSRV_SERVICESTART //
;// SE_AUDITID_CERTSRV_SERVICESTOP //
;// SE_AUDITID_CERTSRV_SETSECURITY //
;// SE_AUDITID_CERTSRV_GETARCHIVEDKEY //
;// SE_AUDITID_CERTSRV_IMPORTCERT //
;// SE_AUDITID_CERTSRV_SETAUDITFILTER //
;// SE_AUDITID_CERTSRV_NEWREQUEST //
;// SE_AUDITID_CERTSRV_REQUESTAPPROVED //
;// SE_AUDITID_CERTSRV_REQUESTDENIED //
;// SE_AUDITID_CERTSRV_REQUESTPENDING //
;// SE_AUDITID_CERTSRV_SETOFFICERRIGHTS //
;// SE_AUDITID_CERTSRV_SETCONFIGENTRY //
;// SE_AUDITID_CERTSRV_SETCAPROPERTY //
;// SE_AUDITID_CERTSRV_KEYARCHIVED //
;// SE_AUDITID_CERTSRV_IMPORTKEY //
;// SE_AUDITID_CERTSRV_PUBLISHCACERT //
;// SE_AUDITID_CERTSRV_DELETEROW //
;// SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE //
;// //
;// //
;/////////////////////////////////////////////////////////////////////////////
;//
;//
;// SE_AUDITID_CERTSRV_DENYREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0304
SymbolicName=SE_AUDITID_CERTSRV_DENYREQUEST
Language=English
The certificate manager denied a pending certificate request.%n
%n
Request ID:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_RESUBMITREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0305
SymbolicName=SE_AUDITID_CERTSRV_RESUBMITREQUEST
Language=English
Certificate Services received a resubmitted certificate request.%n
%n
Request ID:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_REVOKECERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Serial No.
;//
;// 2 - Reason
;//
;//
MessageId=0x0306
SymbolicName=SE_AUDITID_CERTSRV_REVOKECERT
Language=English
Certificate Services revoked a certificate.%n
%n
Serial No:%t%1%n
Reason:%t%2
.
;//
;//
;// SE_AUDITID_CERTSRV_PUBLISHCRL
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Next Update
;//
;// 2 - Publish Base
;//
;// 3 - Publish Delta
;//
;//
MessageId=0x0307
SymbolicName=SE_AUDITID_CERTSRV_PUBLISHCRL
Language=English
Certificate Services received a request to publish the certificate revocation list (CRL).%n
%n
Next Update:%t%1%n
Publish Base:%t%2%n
Publish Delta:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_AUTOPUBLISHCRL
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Base CRL
;//
;// 2 - CRL No.
;//
;// 3 - Key Container
;//
;// 4 - Next Publish
;//
;// 5 - Publish URLs
;//
;//
MessageId=0x0308
SymbolicName=SE_AUDITID_CERTSRV_AUTOPUBLISHCRL
Language=English
Certificate Services published the certificate revocation list (CRL).%n
%n
Base CRL:%t%1%n
CRL No:%t%t%2%n
Key Container:%t%3%n
Next Publish:%t%4%n
Publish URLs:%t%5
.
;//
;//
;// SE_AUDITID_CERTSRV_SETEXTENSION
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Extension Name
;//
;// 3 - Extension Type
;//
;// 4 - Flags
;//
;// 5 - Extension Data
;//
;//
MessageId=0x0309
SymbolicName=SE_AUDITID_CERTSRV_SETEXTENSION
Language=English
A certificate request extension changed.%n
%n
Request ID:%t%1%n
Name:%t%2%n
Type:%t%3%n
Flags:%t%4%n
Data:%t%5
.
;//
;//
;// SE_AUDITID_CERTSRV_SETATTRIBUTES
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Attributes
;//
;//
MessageId=0x030a
SymbolicName=SE_AUDITID_CERTSRV_SETATTRIBUTES
Language=English
One or more certificate request attributes changed.%n
%n
Request ID:%t%1%n
Attributes:%t%2
.
;//
;//
;// SE_AUDITID_CERTSRV_SHUTDOWN
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030b
SymbolicName=SE_AUDITID_CERTSRV_SHUTDOWN
Language=English
Certificate Services received a request to shut down.
.
;//
;//
;// SE_AUDITID_CERTSRV_BACKUPSTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Backup Type
;//
;//
MessageId=0x030c
SymbolicName=SE_AUDITID_CERTSRV_BACKUPSTART
Language=English
Certificate Services backup started.%n
Backup Type:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_BACKUPEND
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030d
SymbolicName=SE_AUDITID_CERTSRV_BACKUPEND
Language=English
Certificate Services backup completed.
.
;//
;//
;// SE_AUDITID_CERTSRV_RESTORESTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030e
SymbolicName=SE_AUDITID_CERTSRV_RESTORESTART
Language=English
Certificate Services restore started.
.
;//
;//
;// SE_AUDITID_CERTSRV_RESTOREEND
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;//
MessageId=0x030f
SymbolicName=SE_AUDITID_CERTSRV_RESTOREEND
Language=English
Certificate Services restore completed.
.
;//
;//
;// SE_AUDITID_CERTSRV_SERVICESTART
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Database Hash
;//
;// 2 - Private Key Usage Count
;//
;// 3 - CA Certificate Hash
;//
;// 4 - CA Public Key Hash
;//
;//
MessageId=0x0310
SymbolicName=SE_AUDITID_CERTSRV_SERVICESTART
Language=English
Certificate Services started.%n
%n
Certificate Database Hash:%t%1%n
Private Key Usage Count:%t%2%n
CA Certificate Hash:%t%3%n
CA Public Key Hash:%t%4
.
;//
;//
;// SE_AUDITID_CERTSRV_SERVICESTOP
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Database Hash
;//
;// 2 - Private Key Usage Count
;//
;// 3 - CA Certificate Hash
;//
;// 4 - CA Public Key Hash
;//
;//
MessageId=0x0311
SymbolicName=SE_AUDITID_CERTSRV_SERVICESTOP
Language=English
Certificate Services stopped.%n
%n
Certificate Database Hash:%t%1%n
Private Key Usage Count:%t%2%n
CA Certificate Hash:%t%3%n
CA Public Key Hash:%t%4
.
;//
;//
;// SE_AUDITID_CERTSRV_SETSECURITY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - New permissions
;//
;//
MessageId=0x0312
SymbolicName=SE_AUDITID_CERTSRV_SETSECURITY
Language=English
The security permissions for Certificate Services changed.%n
%n
%1
.
;//
;//
;// SE_AUDITID_CERTSRV_GETARCHIVEDKEY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x0313
SymbolicName=SE_AUDITID_CERTSRV_GETARCHIVEDKEY
Language=English
Certificate Services retrieved an archived key.%n
%n
Request ID:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_IMPORTCERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate
;//
;// 2 - Request ID
;//
;//
MessageId=0x0314
SymbolicName=SE_AUDITID_CERTSRV_IMPORTCERT
Language=English
Certificate Services imported a certificate into its database.%n
%n
Certificate:%t%1%n
Request ID:%t%2
.
;//
;//
;// SE_AUDITID_CERTSRV_SETAUDITFILTER
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Filter
;//
;//
MessageId=0x0315
SymbolicName=SE_AUDITID_CERTSRV_SETAUDITFILTER
Language=English
The audit filter for Certificate Services changed.%n
%n
Filter:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_NEWREQUEST
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;//
MessageId=0x0316
SymbolicName=SE_AUDITID_CERTSRV_NEWREQUEST
Language=English
Certificate Services received a certificate request.%n
%n
Request ID:%t%1%n
Requester:%t%2%n
Attributes:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTAPPROVED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0317
SymbolicName=SE_AUDITID_CERTSRV_REQUESTAPPROVED
Language=English
Certificate Services approved a certificate request and issued a certificate.%n
%n
Request ID:%t%1%n
Requester:%t%2%n
Attributes:%t%3%n
Disposition:%t%4%n
SKI:%t%t%5%n
Subject:%t%6
.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTDENIED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0318
SymbolicName=SE_AUDITID_CERTSRV_REQUESTDENIED
Language=English
Certificate Services denied a certificate request.%n
%n
Request ID:%t%1%n
Requester:%t%2%n
Attributes:%t%3%n
Disposition:%t%4%n
SKI:%t%t%5%n
Subject:%t%6
.
;//
;//
;// SE_AUDITID_CERTSRV_REQUESTPENDING
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - Attributes
;//
;// 4 - Disposition
;//
;// 5 - SKI
;//
;// 6 - Subject
;//
;//
MessageId=0x0319
SymbolicName=SE_AUDITID_CERTSRV_REQUESTPENDING
Language=English
Certificate Services set the status of a certificate request to pending.%n
%n
Request ID:%t%1%n
Requester:%t%2%n
Attributes:%t%3%n
Disposition:%t%4%n
SKI:%t%t%5%n
Subject:%t%6
.
;//
;//
;// SE_AUDITID_CERTSRV_SETOFFICERRIGHTS
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Enable restrictions
;//
;// 2 - Restrictions
;//
;//
MessageId=0x031a
SymbolicName=SE_AUDITID_CERTSRV_SETOFFICERRIGHTS
Language=English
The certificate manager settings for Certificate Services changed.%n
%n
Enable:%t%1%n
%n
%2
.
;//
;//
;// SE_AUDITID_CERTSRV_SETCONFIGENTRY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Node
;//
;// 2 - Entry
;//
;// 3 - Value
;//
;//
MessageId=0x031b
SymbolicName=SE_AUDITID_CERTSRV_SETCONFIGENTRY
Language=English
A configuration entry changed in Certificate Services.%n
%n
Node:%t%1%n
Entry:%t%2%n
Value:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_SETCAPROPERTY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Property
;//
;// 2 - Index
;//
;// 3 - Type
;//
;// 4 - Value
;//
;//
MessageId=0x031c
SymbolicName=SE_AUDITID_CERTSRV_SETCAPROPERTY
Language=English
A property of Certificate Services changed.%n
%n
Property:%t%1%n
Index:%t%2%n
Type:%t%3%n
Value:%t%4
.
;//
;//
;// SE_AUDITID_CERTSRV_KEYARCHIVED
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;// 2 - Requester
;//
;// 3 - KRA Hashes
;//
;//
MessageId=0x031d
SymbolicName=SE_AUDITID_CERTSRV_KEYARCHIVED
Language=English
Certificate Services archived a key.%n
%n
Request ID:%t%1%n
Requester:%t%2%n
KRA Hashes:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_IMPORTKEY
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Request ID
;//
;//
MessageId=0x031e
SymbolicName=SE_AUDITID_CERTSRV_IMPORTKEY
Language=English
Certificate Services imported and archived a key.%n
%n
Request ID:%t%1
.
;//
;//
;// SE_AUDITID_CERTSRV_PUBLISHCACERT
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Certificate Hash
;//
;// 2 - Valid From
;//
;// 3 - Valid To
;//
;//
MessageId=0x031f
SymbolicName=SE_AUDITID_CERTSRV_PUBLISHCACERT
Language=English
Certificate Services published the CA certificate to Active Directory.%n
%n
Certificate Hash:%t%1%n
Valid From:%t%2%n
Valid To:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_DELETEROW
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Table ID
;//
;// 2 - Filter
;//
;// 3 - Rows Deleted
;//
;//
MessageId=0x0320
SymbolicName=SE_AUDITID_CERTSRV_DELETEROW
Language=English
One or more rows have been deleted from the certificate database.%n
%n
Table ID:%t%1%n
Filter:%t%2%n
Rows Deleted:%t%3
.
;//
;//
;// SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE
;//
;// Category: SE_CATEGID_OBJECT_ACCESS
;//
;// Parameter Strings -
;//
;// 1 - Role separation state
;//
;//
MessageId=0x0321
SymbolicName=SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE
Language=English
Role separation enabled:%t%1
.
;/*lint +e767 */ // Resume checking for different macro definitions // winnt
;
;
;#endif // _MSAUDITE_