Event ID: 4692

Backup of data protection master key was attempted 

Backup of data protection master key was attempted.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Key Information:
    Key Identifier:     %5
    Recovery Server:    %6
    Recovery Key ID:    %7

Status Information:
    Status Code:        %8


Auditing:     Always

Generally only necessary for troubleshooting purposes, but due the low volume is nevertheless recommended.


Volume:     Low


Microsoft Documentation

Event ID - 4692


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"DPAPI Activity"
How to enable Windows Auditing
Recommended Audit Policy

Operating Systems:
Windows Vista Windows 2008 Windows 7 Windows 2008 R2 Windows 8 Windows 2012 Windows 8.1 Windows 2012 R2 Windows 10 Windows 2016 Windows 2019

Tags:
Audit Success Audit Failure
Audit Category:
Detailed Tracking

Audit Subcategory:
DPAPI Activity
Legacy Events:
596

LEFT/RIGHT arrow keys for navigation

Back to List