Event ID: 4904An attempt was made to register a security event source
An attempt was made to register a security event source. Subject : Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Process: Process ID: %7 Process Name: %8 Event Source: Source Name: %5 Event Source ID: %6
This event generates every time a new security event source is registered. This event is typically triggered by the SYSTEM account as would typically list SYSTEM as the Security ID value.
You can typically see this event during system startup, if specific roles (Internet Information Services, or FSRM, for example) are installed in the system.
Since the volume of this event is low, it's recommended to audit this event.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Audit Policy Change"
LEFT/RIGHT arrow keys for navigationBack to List