Event ID 4702

A scheduled task was updated 

A scheduled task was updated.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Task Information:
    Task Name:          %5
    Task New Content:   %6


This event generates every time scheduled task was updated/changed.

EventSentry can monitor your scheduled tasks and log the exact changes that were made to a task, such as added values, removed values, or edited values with both the old value and new value documented. EventSentry logs these details to a database and also generates event ID 12412 in the Application log of Windows Event Viewer.

Auditing:     Always


Volume:     Low


PCI 3.2.1: 10.2.7


Microsoft Documentation

Event ID - 4702



Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any SOMEDOMAIN\UserName
Account Name SubjectUserName %2 Any UserName
Account Domain SubjectDomainName %3 Any SOMEDOMAIN
Logon ID SubjectLogonId %4 Any 0x345411
Task Name TaskName %5 Any \Microsoft\Windows\Defrag\ScheduledDefrag
Task Content TaskContentNew %6 Any New XML representation of scheduled task

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Other Object Access Events"
How to enable Windows Auditing
Recommended Audit Policy

Operating Systems:
Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 2022

Tags:
Audit Success PCI-DSS
Audit Category:
Object Access

Audit Subcategory:
Other Object Access Events
Legacy Events:
602

Correlated Events:
4624

LEFT/RIGHT arrow keys for navigation

Back to List