Event ID: 4705
A user right was removedA user right was removed. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Target Account: Account Name: %5 Removed Right: User Right: %6
Generates every time the local user right policy is changed and user right was removed from an account.
ISO 27001:2013 A.9.2.5
NIST 800-171: 3.1.1
NIST 800-171: 3.1.2
NIST 800-171: 3.3.8
NIST 800-171: 3.3.9
NIST SP 800-53: AC-2
NIST SP 800-53: AC-6 (7)
CMMC L1
CMMC L3
Microsoft Documentation
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Authorization Policy Change"
Operating Systems:
Windows 2008 R2 Windows 2012 R2 Windows 2016 Windows 2019Tags:
ISO 27001:2013 NIST 800-171 NIST SP 800-53 Audit Success CMMC L1 CMMC L3LEFT/RIGHT arrow keys for navigation
Back to List