Windows NT Security Events

This page lists the Windows NT security event descriptions as they appear in the security event log. These events are logged under the Security event source.

 

  Event ID: 512

      Type: Success Audit

Description: Windows NT is starting up.

 

  Event ID: 513

      Type: Success Audit

Description: Windows NT is shutting down. All logon sessions will be

            terminated by this shutdown.

 

  Event ID: 514

      Type: Success Audit

Description: An authentication package has been loaded by the Local

            Security Authority. This authentication package will be

            used to authenticate logon attempts.

            Authentication Package Name: %1

 

  Event ID: 515

      Type: Success Audit

Description: A trusted logon process has registered with the Local

            Security Authority. This logon process will be trusted to

            submit logon requests.

            Logon Process Name: %1

 

  Event ID: 516

      Type: Success Audit

Description: Internal resources allocated for the queuing of audit

            messages have been exhausted, leading to the loss of some

            audits.

            Number of audit messages discarded: %1

 

  Event ID: 517

      Type: Success Audit

Description: The audit log was cleared

            Primary User Name: %1      Primary Domain: %2

            Primary Logon ID: %3       Client User Name: %4

            Client Domain: %5          Client Logon ID: %6

 

  Event ID: 518

      Type: Success Audit

Description: A notification package has been loaded by the Security

            Account Manager. This package will be notified of any

            account or password changes.

            Notification Package Name: %1

 

  Event ID: 528

      Type: Success Audit

Description: Successful Logon:

            User Name: %1             Domain: %2

            Logon ID: %3              Logon Type: %4

            Logon Process: %5         Authentication Package: %6

            Workstation Name: %7

 

  Event ID: 529

      Type: Failure Audit

Description: Logon Failure:

            Reason: Unknown user name or bad password

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 530

      Type: Failure Audit

Description: Logon Failure:

            Reason: Account logon time restriction violation

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 531

      Type: Failure Audit

Description: Logon Failure:

            Reason: Account currently disabled

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 532

      Type: Failure Audit

Description: Logon Failure:

            Reason: The specified user account has expired

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 533

      Type: Failure Audit

Description: Logon Failure:

            Reason: User not allowed to logon at this computer

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 534

      Type: Failure Audit

Description: Logon Failure:

            Reason: The user has not been granted the requested logon

            type at this machine

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 535

      Type: Failure Audit

Description: Logon Failure:

            Reason: The specified account's password has expired

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 536

      Type: Failure Audit

Description: Logon Failure:

            Reason: The NetLogon component is not active

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 537

      Type: Failure Audit

Description: Logon Failure:

            Reason: An unexpected error occurred during logon

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 538

      Type: Success Audit

Description: User Logoff:

            User Name: %1             Domain: %2

            Logon ID: %3              Logon Type: %4

 

  Event ID: 539

      Type: Failure Audit

Description: Logon Failure:

            Reason: Account locked out

            User Name: %1              Domain: %2

            Logon Type: %3             Logon Process: %4

            Authentication Package: %5 Workstation Name: %6

 

  Event ID: 560

      Type: Success Audit

Description: Object Open:

            Object Server: %1          Object Type: %2

            Object Name: %3            New Handle ID: %4

            Operation ID: {%5,%6}

            Process ID: %7             Primary User Name: %8

            Primary Domain: %9         Primary Logon ID: %10

            Client User Name: %11      Client Domain: %12

            Client Logon ID: %13       Accesses %14

            Privileges %15

 

  Event ID: 561

      Type: Success Audit

Description: Handle Allocated:

            Handle ID: %1              Operation ID: {%2,%3}

            Process ID: %4

 

  Event ID: 562

      Type: Success Audit

Description: Handle Closed:

            Object Server: %1          Handle ID: %2

            Process ID: %3

 

  Event ID: 563

      Type: Success Audit

Description: Object Open for Delete:

            Object Server: %1          Object Type: %2

            Object Name: %3            New Handle ID: %4

            Operation ID: {%5,%6}

            Process ID: %7             Primary User Name: %8

            Primary Domain: %9         Primary Logon ID: %10

            Client User Name: %11      Client Domain: %12

            Client Logon ID: %13       Accesses %14

            Privileges %15

 

  Event ID: 564

      Type: Success Audit

Description: Object Deleted:

            Object Server: %1          Handle ID: %2

            Process ID: %3

 

  Event ID: 576

      Type: Success Audit

Description: Special privileges assigned to new logon:

            User Name: %1             Domain: %2

            Logon ID: %3              Assigned: %4

 

  Event ID: 577

      Type: Success Audit

Description: Privileged Service Called:

            Server: %1              Service: %2

            Primary User Name: %3      Primary Domain: %4

            Primary Logon ID: %5       Client User Name: %6

            Client Domain: %7          Client Logon ID: %8

            Privileges: %9

 

  Event ID: 578

      Type: Failure Audit

Description: Privileged object operation:

            Object Server: %1          Object Handle: %2

            Process ID: %3             Primary User Name: %4

            Primary Domain: %5         Primary Logon ID: %6

            Client User Name: %7       Client Domain: %8

            Client Logon ID: %9        Privileges: %10

 

  Event ID: 592

      Type: Success Audit

Description: A new process has been created:

            New Process ID: %1         Image File Name: %2

            Creator Process ID: %3     User Name: %4

            Domain: %5                 Logon ID: %6

 

  Event ID: 593

      Type: Success Audit

Description: A process has exited:

            Process ID: %1             User Name: %2

            Domain: %3              Logon ID: %4

 

  Event ID: 594

      Type: Success Audit

Description: A handle to an object has been duplicated:

            Source Handle ID: %1       Source Process ID: %2

            Target Handle ID: %3       Target Process ID: %4

 

  Event ID: 595

      Type: Success Audit

Description: Indirect access to an object has been obtained:

            Object Type: %1            Object Name: %2

            Process ID: %3             Primary User Name: %4

            Primary Domain: %5         Primary Logon ID: %6

            Client User Name: %7       Client Domain: %8

            Client Logon ID: %9        Accesses: %10

 

  Event ID: 608

      Type: Success Audit

Description: User Right Assigned:

            User Right: %1             Assigned To: %2

            Assigned By:

            User Name: %3              Domain: %4

            Logon ID: %5

 

  Event ID: 609

      Type: Success Audit

Description: User Right Removed:

            User Right: %1             Removed From: %2

            Removed By:

            User Name: %3              Domain: %4

            Logon ID: %5

 

  Event ID: 610

      Type: Success Audit

Description: New Trusted Domain:

            Domain Name: %1            Domain ID: %2

            Established By:

            User Name: %3              Domain: %4

            Logon ID: %5

 

  Event ID: 611

      Type: Success Audit

Description: Removing Trusted Domain:

            Domain Name: %1            Domain ID: %2

            Removed By:

            User Name: %3              Domain: %4

            Logon ID: %5

 

  Event ID: 612

      Type: Success Audit

Description: Audit Policy Change:

            New Policy:

            Success   Failure

              %1         %2    System

              %3         %4    Logon/Logoff

              %5         %6    Object Access

              %7         %8    Privilege Use

              %9        %10    Detailed Tracking

             %11        %12    Policy Change

             %13        %14    Account Management

            Changed By:

            User Name: %15             Domain Name: %16

            Logon ID: %17

 

  Event ID: 624

      Type: Success Audit

Description: User Account Created:

            New Account Name: %1       New Domain: %2

            New Account ID: %3         Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges %7

 

  Event ID: 625

      Type: Success Audit

Description: User Account Type Change:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      New Type: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7

 

  Event ID: 626

      Type: Success Audit

Description: User Account Enabled:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

 

  Event ID: 627

      Type: Success Audit

Description: Change Password Attempt:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 628

      Type: Success Audit

Description: User Account password set:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

 

  Event ID: 629

      Type: Success Audit

Description: User Account Disabled:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

 

  Event ID: 630

      Type: Success Audit

Description: User Account Deleted:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 631

      Type: Success Audit

Description: Global Group Created:

            New Account Name: %1       New Domain: %2

            New Account ID: %3         Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 632

      Type: Success Audit

Description: Global Group Member Added:

            Member: %1                 Target Account Name: %2

            Target Domain: %3          Target Account ID: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7        Privileges: %8

 

  Event ID: 633

      Type: Success Audit

Description: Global Group Member Removed:

            Member: %1                 Target Account Name: %2

            Target Domain: %3          Target Account ID: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7        Privileges: %8

 

  Event ID: 634

      Type: Success Audit

Description: Global Group Deleted:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 635

      Type: Success Audit

Description: Local Group Created:

            New Account Name: %1       New Domain: %2

            New Account ID: %3         Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 636

      Type: Success Audit

Description: Local Group Member Added:

            Member: %1                 Target Account Name: %2

            Target Domain: %3          Target Account ID: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7        Privileges: %8

 

  Event ID: 637

      Type: Success Audit

Description: Local Group Member Removed:

            Member: %1                 Target Account Name: %2

            Target Domain: %3          Target Account ID: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7        Privileges: %8

 

  Event ID: 638

      Type: Success Audit

Description: Local Group Deleted:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 639

      Type: Success Audit

Description: Local Group Changed:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 640

      Type: Success Audit

Description: General Account Database Change:

            Type of change: %1         Object Type: %2

            Object Name: %3            Object ID: %4

            Caller User Name: %5       Caller Domain: %6

            Caller Logon ID: %7

 

  Event ID: 641

      Type: Success Audit

Description: Global Group Changed:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 642

      Type: Success Audit

Description: User Account Changed:

            Target Account Name: %1    Target Domain: %2

            Target Account ID: %3      Caller User Name: %4

            Caller Domain: %5          Caller Logon ID: %6

            Privileges: %7

 

  Event ID: 643

      Type: Success Audit

Description: Domain Policy Changed:

            Domain: %1                 Domain ID: %2

            Caller User Name: %3       Caller Domain: %4

            Caller Logon ID: %5        Privileges: %6

 

  Event ID: 644

      Type: Success Audit

Description: User Account Locked Out

          Target Account Name:  %1   Target Account ID: %2

          Caller Machine Name:  %3   Caller User Name:  %4

          Caller Domain:      %5     Caller Logon ID:  %6