Event ID 4717

System security access was granted to an account

System security access was granted to an account.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Account Modified:
    Account Name:       %5

Access Granted:
    Access Right:       %6


Generates every time local logon user right policy is changed and logon right was granted to an account.

Auditing:     Always


Volume:     Low


ISO 27001:2013 A.9.2.5
NIST 800-171: 3.1.5
NIST SP 800-53: AC-6 (7)
CMMC v2 L2: AC.L2-3.1.5


Microsoft Documentation

Event ID - 4717



Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any DADOMAIN\DaUser
Account Name SubjectUserName %2 Any DaUser
Account Domain SubjectDomainName %3 Any DADOMAIN
Logon ID SubjectLogonId %4 Any 0x3e7
Account Name TargetSid %5 Any DADOMAIN\AnotherUser
Access Right AccessGranted %6 Any View Codes


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Authentication Policy Change"



LEFT/RIGHT arrow keys for navigation

Back to List