Event ID: 4756

A member was added to a security-enabled universal group

A member was added to a security-enabled universal group.

Subject:
    Security ID:     %6
    Account Name:    %7
    Account Domain:  %8
    Logon ID:        %9

Member:
    Security ID:        %2
    Account Name:       %1

Group:
    Security ID:        %5
    Account Name:       %3
    Account Domain:     %4

Additional Information:
    Privileges:     %10



Name Field Insertion String OS Example
Account Name MemberName %1 Any CN=Administrator,CN=Users,DC=domain,DC=dom
Security ID MemberSid %2 Any S-1-5-21-345695894-305466303-1622526952-500
Account Name TargetUserName %3 Any Schema Admins
Account Domain TargetDomainName %4 Any DOMAIN
Security ID TargetSid %5 Any S-1-5-21-345695894-305466303-1622526952-518<
Security ID SubjectUserSid %6 Any S-1-5-7
Account Name SubjectUserName %7 Any ANONYMOUS LOGON
Account Domain SubjectDomainName %8 Any NT AUTHORITY
Logon ID SubjectLogonId %9 Any 0x3e6
Privileges PrivilegeList %10 Any View Codes


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Security Group Management"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List