As system administrators, we want to capture a few events, such as Account Created, Account Deleted, and Account Lockout, for audit and security compliance purposes. Below I provide details of a few security events that are mostly useful.
Event ID--OS--Eventlog Source--Description
539--Win NT,DC--Security--Account Lockout (In WinNT)
624--Win2000, Win2003--Security--User Account Created
630--Win2000, Win2003--Security--User Account Deleted
631--Win2000, Win2003, DC--Security--Global security group created
634--Win2000, Win2003, DC--Security--Security global group deleted
635--Win2000, Win2003, DC--Security--Local security group created
638--Win2000, Win2003, DC--Security--Security local group deleted
644--Win2003,DC--Security--Account Lockout (In Win2k3)
647--Win2000, Win2003, DC--Security--Computer Account Deleted
648--Win2000, Win2003, DC--Security--Distribution local group created
652--Win2000, Win2003, DC--Security--Distribution local group deleted
653--Win2000, Win2003, DC--Security--Global distribution group created
657--Win2000, Win2003, DC--Security--Distribution global group deleted
658--Win2000, Win2003, DC--Security--Security universal group created
662--Win2000, Win2003, DC--Security--Security universal group deleted
663--Win2000, Win2003, DC--Security--Distribution universal group created
667--Win2000, Win2003, DC--Security--Distribution universal group deleted