Event ID: 4705

A user right was removed

A user right was removed.

    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:       %4

Target Account:
    Account Name:       %5

Removed Right:
    User Right:     %6
Microsoft Documentation

Event ID - 4705

Generates every time the local user right policy is changed and user right was removed from an account.

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Authorization Policy Change"
How to enable Windows Auditing

Audit Category:
Policy Change

Audit Subcategory:
Authorization Policy Change
Legacy Events:

LEFT/RIGHT arrow keys for navigation

Back to List