Event ID: 4787

A non-member was added to a basic application group

A non-member was added to a basic application group.

Subject:
    Security ID:        %6
    Account Name:       %7
    Account Domain:     %8
    Logon ID:       %9

Member:
    Security ID:        %2
    Account Name:       %1

Group:
    Security ID:        %5
    Account Name:       %3
    Account Domain:     %4

Additional Information:
    Privileges:     %10

A non-member is an account that is explicitly excluded from membership in a basic application group.  Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member.

Recommended Auditing
It's recommended to audit this event when utilizing the Windows Authorization Manager (aka AzMan).

AzMan is considered deprecated as of Windows Server 2012 R2 and may be removed from future versions of Windows.




Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Application Group Management"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List