Event ID: 4705A user right was removed
A user right was removed. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Target Account: Account Name: %5 Removed Right: User Right: %6
Generates every time the local user right policy is changed and user right was removed from an account.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Authorization Policy Change"
LEFT/RIGHT arrow keys for navigationBack to List