System32
Events
Scripts
Codes
GeoIP
Tools
Audit Category
Policy Change
(6)
Object Access
(1)
Audit Subcategory
Authorization Policy Change
(7)
Authentication Policy Change
(1)
File System
(1)
Registry
(1)
Operating Systems
Windows 2016
(7)
Windows 2019
(7)
Windows 10
(6)
Windows 2012 R2
(6)
Windows 2012
(5)
Windows 8
(5)
Windows 8.1
(5)
Windows 2008 R2
(4)
Windows 2008
(3)
Windows 7
(3)
Windows Vista
(3)
Tags
ID
Event Description
4670
Permissions on an object were changed
4703
A token right was adjusted
4704
A user right was assigned
4705
A user right was removed
4714
Data Recovery Agent group policy for Encrypting File System (EFS) has changed
4911
Resource attributes of the object were changed
4913
Central Access Policy on the object was changed