Thursday, February 25, 2010

Windows 2003 Account Management Security Events

As System Administrators, we want to capture few events such as Account Created, Account Deleted, Account lockout etc for audit and security compliant purpose. I'm hereby providing details of few security events which are mostly useful.

Event ID--OS--Eventlog Source--Description

539--Win NT,DC--Security--Account Lockout (In WinNT)

624--Win2000, Win2003--Security--User Account Created

630--Win2000, Win2003--Security--User Account Deleted

631--Win2000, Win2003, DC--Security--Global security group created

634--Win2000, Win2003, DC--Security--Security global group deleted

634--Win2000, Win2003, DC--Security--Security global group deleted

635--Win2000, Win2003, DC--Security--Local security group created.

638--Win2000, Win2003, DC--Security--Security local group deleted

644--Win2003,DC--Security--Account Lockout (In Win2k3)

647--Win2000, Win2003, DC--Security--Computer Account Deleted

648--Win2000, Win2003, DC--Security--Distribution local group created

652--Win2000, Win2003, DC--Security--Distribution local group deleted

653--Win2000, Win2003, DC--Security--Global distribution group created

657--Win2000, Win2003, DC--Security--Distribution global group deleted

658--Win2000, Win2003, DC--Security--Security universal group created

662--Win2000, Win2003, DC--Security--Security universal group deleted

663--Win2000, Win2003, DC--Security--Distribution universal group created

667--Win2000, Win2003, DC--Security--Distribution universal group deleted

No comments:

Post a Comment