Event ID: 4912

Per User Audit Policy was changed

Per User Audit Policy was changed.

Subject:
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Policy For Account:
    Security ID:        %5

Policy Change Details:
    Category:           %6
    Subcategory:        %7
    Subcategory GUID:   %8
    Changes:            %9
Microsoft Documentation

Event ID - 4912





Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Audit Policy Change"
How to enable Windows Auditing



LEFT/RIGHT arrow keys for navigation

Back to List