Event ID: 4819Central Access Policies on the machine have been changed
Central Access Policies on the machine have been changed. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Object: Object Server: %5 Object Type: %6 CAPs Added:%7 CAPs Deleted:%8 CAPs Modified:%9 CAPs As-Is:%10
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Other Policy Change Events"
LEFT/RIGHT arrow keys for navigationBack to List