Event ID 4717
System security access was granted to an accountSystem security access was granted to an account. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Account Modified: Account Name: %5 Access Granted: Access Right: %6
Generates every time local logon user right policy is changed and logon right was granted to an account.
Auditing:
Always
Volume:
Low
ISO 27001:2013 A.9.2.5
NIST 800-171: 3.1.5
NIST SP 800-53: AC-6 (7)
CMMC v2 L2: AC.L2-3.1.5
Microsoft Documentation
Name | Field | Insertion String | OS | Example | ||
---|---|---|---|---|---|---|
Security ID | SubjectUserSid | %1 | Any | DADOMAIN\DaUser | ||
Account Name | SubjectUserName | %2 | Any | DaUser | ||
Account Domain | SubjectDomainName | %3 | Any | DADOMAIN | ||
Logon ID | SubjectLogonId | %4 | Any | 0x3e7 | ||
Account Name | TargetSid | %5 | Any | DADOMAIN\AnotherUser | ||
Access Right | AccessGranted | %6 | Any | View Codes |
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Authentication Policy Change"
LEFT/RIGHT arrow keys for navigation
Back to List