Event ID: 4662

An operation was performed on an object

An operation was performed on an object.

Subject :
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Object:
    Object Server:      %5
    Object Type:        %6
    Object Name:        %7
    Handle ID:          %9

Operation:
    Operation Type:     %8
    Accesses:           %10
    Access Mask:        %11
    Properties:         %12

Additional Information:
    Parameter 1:        %13
    Parameter 2:        %14
Microsoft Documentation

Event ID - 4662





Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any CORP\first.last
Account Name SubjectUserName %2 Any first.last
Account Domain SubjectDomainName %3 Any CORP
Logon ID SubjectLogonId %4 Any 0x35867
Object Server ObjectServer %5 Any DS
Object Type ObjectType %6 Any computer
Object Name ObjectName %7 Any CN=MyComputer,CN=Users,DC=sierraclub,DC=local
Operation Type OperationType %8 Any Object Access
Handle ID HandleId %9 Any 0x0
Accesses AccessList %10 Any DELETE
Access Mask AccessMask %11 Any View Codes
Properties Properties %12 Any DELETE {b845b74-0d6b-9a34-b873-00aa003049a1
Parameter 1 AdditionalInfo %13 Any -
Paramater 2 Additional Info2 %14 Any


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Directory Service Access"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List