Event ID: 4799A security-enabled local group membership was enumerated
A security-enabled local group membership was enumerated. Subject: Security ID: %4 Account Name: %5 Account Domain: %6 Logon ID: %7 Group: Security ID: %3 Group Name: %1 Group Domain: %2 Process Information: Process ID: %8 Process Name: %9
This event generates when a process enumerates the members of a security-enabled local group on the computer or device.
This event doesn't generate when group members were enumerated using Active Directory Users and Computers snap-in.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Security Group Management"
Operating Systems:Windows 10 Windows 2016 Windows 2019
Audit Category:Account Management
Audit Subcategory:Security Group Management
LEFT/RIGHT arrow keys for navigationBack to List