EventID: Difference between revisions

Line 22: Line 22:
| 10 || RemoteInteractive (Terminal Services, Remote Desktop or Remote Assistance)
| 10 || RemoteInteractive (Terminal Services, Remote Desktop or Remote Assistance)
|}
|}
<syntaxhighlight lang="text">
<QueryList>
  <Query Id="0" Path="security">
    <Select Path="security">
      *[System[(EventID='4624')]]
      and
    ( *[EventData[Data[@Name='logontype'] ='2']]
or
*[EventData[Data[@Name='logontype'] ='10']]
)
    </Select>
  </Query>
</QueryList>
</syntaxhighlight>
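Review bot: On the two `EventData` lines of the added query, `@Name='logontype'` does not match how the 4624 event spells the field, which is `LogonType`; write `Data[@Name='LogonType']` so the filter does not depend on the match being case-insensitive. The block is XML, so `lang="xml"` would highlight it better than `lang="text"`, and the `or` and closing `)` lines should be indented to match the rest of the `<Select>` body.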





Latest revision as of 12:16, 31 August 2015

A bunch of useful/related Windows Event IDs


shutdown

1074,1076,12,6008,41


logon

4624

{|
! Logon Type !! Description
|-
| 2 || Interactive (logon at keyboard and screen of system)
|-
| 3 || Network (i.e. connection to shared folder on this computer from elsewhere on network)
|-
| 4 || Batch (i.e. scheduled task)
|-
| 5 || Service (Service startup)
|-
| 10 || RemoteInteractive (Terminal Services, Remote Desktop or Remote Assistance)
|}
<syntaxhighlight lang="text">
<QueryList>
  <Query Id="0" Path="security">
    <Select Path="security">
      *[System[(EventID='4624')]]
      and
      (
        *[EventData[Data[@Name='LogonType']='2']]
        or
        *[EventData[Data[@Name='LogonType']='10']]
      )
    </Select>
  </Query>
</QueryList>
</syntaxhighlight>
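One way to run the filter above from PowerShell and label each hit with the logon type from the table. This is an added example, not part of the original wiki page; it assumes an elevated session on the machine whose Security log is read, spells the field `LogonType` as the 4624 event does, and the output column names are illustrative.

```powershell
# Added example: run the page's 4624 filter (logon types 2 and 10) and
# summarise each matching logon. Reading the Security log needs elevation.
$filter = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID='4624')]]
      and
      (
        *[EventData[Data[@Name='LogonType']='2']]
        or
        *[EventData[Data[@Name='LogonType']='10']]
      )
    </Select>
  </Query>
</QueryList>
'@

# Descriptions taken from the logon type table on this page.
$logonTypes = @{
    '2'  = 'Interactive'
    '10' = 'RemoteInteractive'
}

Get-WinEvent -FilterXml $filter -MaxEvents 50 | ForEach-Object {
    # EventData is a flat list of <Data Name="...">value</Data> elements;
    # index it by the Name attribute so fields can be looked up directly.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Computer    = $_.MachineName
        User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType   = $logonTypes[$data['LogonType']]
        SourceIp    = $data['IpAddress']
    }
} | Format-Table -AutoSize
```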


groups

{|
! ID !! oldID !! impact !! Description
|-
| 4756 || 660 || Low || A member was added to a security-enabled universal group.
|-
| 4757 || 661 || Low || A member was removed from a security-enabled universal group.
|-
| 4732 || 636 || Low || A member was added to a security-enabled local group.
|-
| 4733 || 637 || Low || A member was removed from a security-enabled local group.
|-
| 4728 || 632 || Low || A member was added to a security-enabled global group.
|-
| 4729 || 633 || Low || A member was removed from a security-enabled global group.
|}

ADDS

{|
! ID !! Description
|-
| 5136 || A directory service object was modified.
|}