adtschema.dll.mui Security Audit Schema DLL 303ad9b6aea8ab05fdfba4d62c6578cc

File info

File name: adtschema.dll.mui
Size: 304128 bytes
MD5: 303ad9b6aea8ab05fdfba4d62c6578cc
SHA1: 5660fe4b1824aca7be25e49bbbf8050b502f9edc
SHA256: 124cf4634071b602558f67d08dd28b0186f7711dcd93d9520a64306b417f8020
Operating systems: Windows 10
Extension: MUI

Translations of messages and strings

If an error occurred or the following message appears in the English (U.S.) language and you cannot find a solution, check the answer in English. The table below shows how the phrase reads in English.

id | English (U.S.)
0x1200 | Windows is starting up.%n%nThis event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
0x1201 | Windows is shutting down.%nAll logon sessions will be terminated by this shutdown.
0x1202 | An authentication package has been loaded by the Local Security Authority.%nThis authentication package will be used to authenticate logon attempts.%n%nAuthentication Package Name:%t%1
0x1203 | A trusted logon process has been registered with the Local Security Authority.%nThis logon process will be trusted to submit logon requests.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Process Name:%t%t%5
0x1204 | Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.%n%nNumber of audit messages discarded:%t%1%n%nThis event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk, or when the auditing system loses connectivity to the event log, such as when the event log service is stopped.
0x1206 | A notification package has been loaded by the Security Account Manager.%nThis package will be notified of any account or password changes.%n%nNotification Package Name:%t%1
0x1207 | Invalid use of LPC port.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tPID:%t%t%t%7%n%tName:%t%t%t%8%n%nInvalid Use:%t%t%5%n%nLPC Server Port Name:%t%6%n%nWindows Local Security Authority (LSA) communicates with the Windows kernel using Local Procedure Call (LPC) ports. If you see this event, an application has inadvertently or intentionally accessed this port which is reserved exclusively for LSA's use. The application (process) should be investigated to ensure that it is not attempting to tamper with this communications channel.
0x1208 | The system time was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%7%n%tName:%t%t%8%n%nPrevious Time:%t%t%5%nNew Time:%t%t%6%n%nThis event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
0x120A | A monitored security event pattern has occurred.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nAlert Information:%n%tComputer:%t%t%2%n%tEvent ID:%t%t%1%n%tNumber of Events:%t%7%n%tDuration:%t%t%8%n%nThis event is generated when Windows is configured to generate alerts in accordance with the Common Criteria Security Audit Analysis requirements (FAU_SAA) and an auditable event pattern occurs.
0x120D | Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded.%n%nValue of CrashOnAuditFail:%t%1%n%nThis event is logged after a system reboots following CrashOnAuditFail.
0x120E | A security package has been loaded by the Local Security Authority.%n%nSecurity Package Name:%t%1
0x1210 | An account was successfully logged on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Information:%n%tLogon Type:%t%t%9%n%tRestricted Admin Mode:%t%22%n%tVirtual Account:%t%t%25%n%tElevated Token:%t%t%27%n%nImpersonation Level:%t%t%21%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%tLinked Logon ID:%t%t%26%n%tNetwork Account Name:%t%23%n%tNetwork Account Domain:%t%24%n%tLogon GUID:%t%t%13%n%nProcess Information:%n%tProcess ID:%t%t%17%n%tProcess Name:%t%t%18%n%nNetwork Information:%n%tWorkstation Name:%t%12%n%tSource Network Address:%t%19%n%tSource Port:%t%t%20%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%10%n%tAuthentication Package:%t%11%n%tTransited Services:%t%14%n%tPackage Name (NTLM only):%t%15%n%tKey Length:%t%t%16%n%nThis event is generated when a logon session is created. It is generated on the computer that was accessed.%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0x1211 | An account failed to log on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%11%n%nAccount For Which Logon Failed:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%nFailure Information:%n%tFailure Reason:%t%t%9%n%tStatus:%t%t%t%8%n%tSub Status:%t%t%10%n%nProcess Information:%n%tCaller Process ID:%t%18%n%tCaller Process Name:%t%19%n%nNetwork Information:%n%tWorkstation Name:%t%14%n%tSource Network Address:%t%20%n%tSource Port:%t%t%21%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%12%n%tAuthentication Package:%t%13%n%tTransited Services:%t%15%n%tPackage Name (NTLM only):%t%16%n%tKey Length:%t%t%17%n%nThis event is generated when a logon request fails. It is generated on the computer where access was attempted.%n%nThe Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).%n%nThe Process Information fields indicate which account and process on the system requested the logon.%n%nThe Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0x1212 | User / Device claims information.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nEvent in sequence:%t%t%10 of %11%n%nUser Claims:%t%t%t%12%n%nDevice Claims:%t%t%t%13%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThis event is generated when the Audit User/Device claims subcategory is configured and the user’s logon token contains user/device claims information. The Logon ID field can be used to correlate this event with the corresponding user logon event as well as to any other security audit events generated during this logon session.
0x1213 | Group membership information.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nEvent in sequence:%t%t%10 of %11%n%nGroup Membership:%t%t%t%12%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThis event is generated when the Audit Group Membership subcategory is configured. The Logon ID field can be used to correlate this event with the corresponding user logon event as well as to any other security audit events generated during this logon session.
0x121A | An account was logged off.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%5%n%nThis event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
0x1226 | %1%n
0x1227 | User initiated logoff:%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nThis event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
0x1228 | A logon was attempted using explicit credentials.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tLogon GUID:%t%t%5%n%nAccount Whose Credentials Were Used:%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon GUID:%t%t%8%n%nTarget Server:%n%tTarget Server Name:%t%9%n%tAdditional Information:%t%10%n%nProcess Information:%n%tProcess ID:%t%t%11%n%tProcess Name:%t%t%12%n%nNetwork Information:%n%tNetwork Address:%t%13%n%tPort:%t%t%t%14%n%nThis event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
0x1229 | A replay attack was detected.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCredentials Which Were Replayed:%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%nProcess Information:%n%tProcess ID:%t%t%12%n%tProcess Name:%t%t%13%n%nNetwork Information:%n%tWorkstation Name:%t%10%n%nDetailed Authentication Information:%n%tRequest Type:%t%t%7%n%tLogon Process:%t%t%8%n%tAuthentication Package:%t%9%n%tTransited Services:%t%11%n%nThis event indicates that a Kerberos replay attack was detected- a request was received twice with identical information. This condition could be caused by network misconfiguration.
0x122A | An IPsec main mode security association was established. Extended mode was not enabled. Certificate authentication was not used.%n%nLocal Endpoint:%n%tPrincipal Name:%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nSecurity Association Information:%n%tLifetime (minutes):%t%12%n%tQuick Mode Limit:%t%13%n%tMain Mode SA ID:%t%17%n%nCryptographic Information:%n%tCipher Algorithm:%t%9%n%tIntegrity Algorithm:%t%10%n%tDiffie-Hellman Group:%t%11%n%nAdditional Information:%n%tKeying Module Name:%t%7%n%tAuthentication Method:%t%8%n%tRole:%t%14%n%tImpersonation State:%t%15%n%tMain Mode Filter ID:%t%16
0x122B | An IPsec main mode security association was established. Extended mode was not enabled. A certificate was used for authentication.%n%nLocal Endpoint:%n%tPrincipal Name:%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA thumbprint: %t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nCryptographic Information:%n%tCipher Algorithm:%t%15%n%tIntegrity Algorithm:%t%16%n%tDiffie-Hellman Group:%t%17%n%nSecurity Association Information:%n%tLifetime (minutes):%t%18%n%tQuick Mode Limit:%t%19%n%tMain Mode SA ID:%t%23%n%nAdditional Information:%n%tKeying Module Name:%t%13%n%tAuthentication Method:%t%14%n%tRole:%t%20%n%tImpersonation State:%t%21%n%tMain Mode Filter ID:%t%22
0x122C | An IPsec main mode negotiation failed.%n%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA thumbprint:%t%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nAdditional Information:%n%tKeying Module Name:%t%13%n%tAuthentication Method:%t%16%n%tRole:%t%t%t%18%n%tImpersonation State:%t%19%n%tMain Mode Filter ID:%t%20%n%nFailure Information:%n%tFailure Point:%t%t%14%n%tFailure Reason:%t%t%15%n%tState:%t%t%t%17%n%tInitiator Cookie:%t%t%21%n%tResponder Cookie:%t%22
0x122D | An IPsec main mode negotiation failed.%n%nLocal Endpoint:%n%tLocal Principal Name:%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nAdditional Information:%n%tKeying Module Name:%t%7%n%tAuthentication Method:%t%10%n%tRole:%t%t%t%12%n%tImpersonation State:%t%13%n%tMain Mode Filter ID:%t%14%n%nFailure Information:%n%tFailure Point:%t%t%8%n%tFailure Reason:%t%t%9%n%tState:%t%t%t%11%n%tInitiator Cookie:%t%t%15%n%tResponder Cookie:%t%16
0x122E | An IPsec quick mode negotiation failed.%n%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tAddress Mask:%t%t%6%n%tPort:%t%t%t%7%n%tTunnel Endpoint:%t%t%8%n%tPrivate Address:%t%t%10%n%nAdditional Information:%n%tProtocol:%t%t%9%n%tKeying Module Name:%t%11%n%tVirtual Interface Tunnel ID:%t%20%n%tTraffic Selector ID:%t%21%n%tMode:%t%t%t%14%n%tRole:%t%t%t%16%n%tQuick Mode Filter ID:%t%18%n%tMain Mode SA ID:%t%19%n%nFailure Information:%n%tState:%t%t%t%15%n%tMessage ID:%t%t%17%n%tFailure Point:%t%t%12%n%tFailure Reason:%t%t%13
0x122F | An IPsec main mode security association ended.%n%nLocal Network Address:%t%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%t%3%nMain Mode SA ID:%t%t%4
0x1230 | A handle to an object was requested.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%tResource Attributes:%t%17%n%nProcess Information:%n%tProcess ID:%t%t%15%n%tProcess Name:%t%t%16%n%nAccess Request Information:%n%tTransaction ID:%t%t%9%n%tAccesses:%t%t%10%n%tAccess Reasons:%t%t%11%n%tAccess Mask:%t%t%12%n%tPrivileges Used for Access Check:%t%13%n%tRestricted SID Count:%t%14
0x1231 | A registry value was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Name:%t%t%5%n%tObject Value Name:%t%6%n%tHandle ID:%t%t%7%n%tOperation Type:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%13%n%tProcess Name:%t%t%14%n%nChange Information:%n%tOld Value Type:%t%t%9%n%tOld Value:%t%t%10%n%tNew Value Type:%t%t%11%n%tNew Value:%t%t%12
0x1232 | The handle to an object was closed.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tHandle ID:%t%t%6%n%nProcess Information:%n%tProcess ID:%t%t%7%n%tProcess Name:%t%t%8
0x1233 | A handle to an object was requested with intent to delete.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%13%n%nAccess Request Information:%n%tTransaction ID:%t%9%n%tAccesses:%t%10%n%tAccess Mask:%t%11%n%tPrivileges Used for Access Check:%t%12
0x1234An object was deleted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tHandle ID:%t%6%n%nProcess Information:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%tTransaction ID:%t%9 An object was deleted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tHandle ID:%t%6%n%nProcess Information:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%tTransaction ID:%t%9
0x1235A handle to an object was requested.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%16%n%tProcess Name:%t%17%n%nAccess Request Information:%n%tTransaction ID:%t%9%n%tAccesses:%t%10%n%tAccess Reasons:%t%t%11%n%tAccess Mask:%t%12%n%tPrivileges Used for Access Check:%t%13%n%tProperties:%t%14%n%tRestricted SID Count:%t%15 A handle to an object was requested.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%16%n%tProcess Name:%t%17%n%nAccess Request Information:%n%tTransaction ID:%t%9%n%tAccesses:%t%10%n%tAccess Reasons:%t%t%11%n%tAccess Mask:%t%12%n%tPrivileges Used for Access Check:%t%13%n%tProperties:%t%14%n%tRestricted SID Count:%t%15
0x1236An operation was performed on an object.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%9%n%nOperation:%n%tOperation Type:%t%t%8%n%tAccesses:%t%t%10%n%tAccess Mask:%t%t%11%n%tProperties:%t%t%12%n%nAdditional Information:%n%tParameter 1:%t%t%13%n%tParameter 2:%t%t%14 An operation was performed on an object.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%9%n%nOperation:%n%tOperation Type:%t%t%8%n%tAccesses:%t%t%10%n%tAccess Mask:%t%t%11%n%tProperties:%t%t%12%n%nAdditional Information:%n%tParameter 1:%t%t%13%n%tParameter 2:%t%t%14
0x1237An attempt was made to access an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%tResource Attributes:%t%13%n%nProcess Information:%n%tProcess ID:%t%t%11%n%tProcess Name:%t%t%12%n%nAccess Request Information:%n%tAccesses:%t%t%9%n%tAccess Mask:%t%t%10 An attempt was made to access an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%tResource Attributes:%t%13%n%nProcess Information:%n%tProcess ID:%t%t%11%n%tProcess Name:%t%t%12%n%nAccess Request Information:%n%tAccesses:%t%t%9%n%tAccess Mask:%t%t%10
0x1238An attempt was made to create a hard link.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLink Information:%n%tFile Name:%t%5%n%tLink Name:%t%6%n%tTransaction ID:%t%7 An attempt was made to create a hard link.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLink Information:%n%tFile Name:%t%5%n%tLink Name:%t%6%n%tTransaction ID:%t%7
0x1239An attempt was made to create an application client context.%n%nSubject:%n%tClient Name:%t%t%3%n%tClient Domain:%t%t%4%n%tClient Context ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nStatus:%t%6 An attempt was made to create an application client context.%n%nSubject:%n%tClient Name:%t%t%3%n%tClient Domain:%t%t%4%n%tClient Context ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nStatus:%t%6
0x123AAn application attempted an operation:%n%nSubject:%n%tClient Name:%t%t%5%n%tClient Domain:%t%t%6%n%tClient Context ID:%t%7%n%nObject:%n%tObject Name:%t%t%3%n%tScope Names:%t%t%4%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nAccess Request Information:%n%tRole:%t%t%t%8%n%tGroups:%t%t%t%9%n%tOperation Name:%t%10 (%11) An application attempted an operation:%n%nSubject:%n%tClient Name:%t%t%5%n%tClient Domain:%t%t%6%n%tClient Context ID:%t%7%n%nObject:%n%tObject Name:%t%t%3%n%tScope Names:%t%t%4%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nAccess Request Information:%n%tRole:%t%t%t%8%n%tGroups:%t%t%t%9%n%tOperation Name:%t%10 (%11)
0x123BAn application client context was deleted.%n%nSubject:%n%tClient Name:%t%t%3%n%tClient Domain:%t%t%4%n%tClient Context ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2 An application client context was deleted.%n%nSubject:%n%tClient Name:%t%t%3%n%tClient Domain:%t%t%4%n%tClient Context ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2
0x123CAn application was initialized.%n%nSubject:%n%tClient Name:%t%3%n%tClient Domain:%t%4%n%tClient ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nAdditional Information:%n%tPolicy Store URL:%t%6 An application was initialized.%n%nSubject:%n%tClient Name:%t%3%n%tClient Domain:%t%4%n%tClient ID:%t%5%n%nApplication Information:%n%tApplication Name:%t%1%n%tApplication Instance ID:%t%2%n%nAdditional Information:%n%tPolicy Store URL:%t%6
0x123EPermissions on an object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nPermissions Change:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%10 Permissions on an object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nPermissions Change:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%10
0x123FAn application attempted to access a blocked ordinal through the TBS.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nOrdinal:%t%5 An application attempted to access a blocked ordinal through the TBS.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nOrdinal:%t%5
0x1240Special privileges assigned to new logon.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nPrivileges:%t%t%5 Special privileges assigned to new logon.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nPrivileges:%t%t%5
0x1241A privileged service was called.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nService:%n%tServer:%t%5%n%tService Name:%t%6%n%nProcess:%n%tProcess ID:%t%8%n%tProcess Name:%t%9%n%nService Request Information:%n%tPrivileges:%t%t%7 A privileged service was called.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nService:%n%tServer:%t%5%n%tService Name:%t%6%n%nProcess:%n%tProcess ID:%t%8%n%tProcess Name:%t%9%n%nService Request Information:%n%tPrivileges:%t%t%7
0x1242An operation was attempted on a privileged object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tObject Handle:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nRequested Operation:%n%tDesired Access:%t%9%n%tPrivileges:%t%t%10 An operation was attempted on a privileged object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tObject Handle:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nRequested Operation:%n%tDesired Access:%t%9%n%tPrivileges:%t%t%10
0x1243SIDs were filtered.%n%nTarget Account:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nTrust Information:%n%tTrust Direction:%t%4%n%tTrust Attributes:%t%5%n%tTrust Type:%t%6%n%tTDO Domain SID:%t%7%n%nFiltered SIDs:%t%8 SIDs were filtered.%n%nTarget Account:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nTrust Information:%n%tTrust Direction:%t%4%n%tTrust Attributes:%t%5%n%tTrust Type:%t%6%n%tTDO Domain SID:%t%7%n%nFiltered SIDs:%t%8
0x1250A new process has been created.%n%nCreator Subject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Subject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6!S!%n%tToken Elevation Type:%t%7%n%tMandatory Label:%t%t%15%n%tCreator Process ID:%t%8%n%tCreator Process Name:%t%14!S!%n%tProcess Command Line:%t%9!S!%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. A new process has been created.%n%nCreator Subject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Subject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6!S!%n%tToken Elevation Type:%t%7%n%tMandatory Label:%t%t%15%n%tCreator Process ID:%t%8%n%tCreator Process Name:%t%14!S!%n%tProcess Command Line:%t%9!S!%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
0x1251A process has exited.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%6%n%tProcess Name:%t%7%n%tExit Status:%t%5 A process has exited.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%6%n%tProcess Name:%t%7%n%tExit Status:%t%5
0x1252An attempt was made to duplicate a handle to an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSource Handle Information:%n%tSource Handle ID:%t%5%n%tSource Process ID:%t%6%n%nNew Handle Information:%n%tTarget Handle ID:%t%7%n%tTarget Process ID:%t%8 An attempt was made to duplicate a handle to an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSource Handle Information:%n%tSource Handle ID:%t%5%n%tSource Process ID:%t%6%n%nNew Handle Information:%n%tTarget Handle ID:%t%7%n%tTarget Process ID:%t%8
0x1253Indirect access to an object was requested.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Type:%t%5%n%tObject Name:%t%6%n%nProcess Information:%n%tProcess ID:%t%9%n%nAccess Request Information:%n%tAccesses:%t%7%n%tAccess Mask:%t%8 Indirect access to an object was requested.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Type:%t%5%n%tObject Name:%t%6%n%nProcess Information:%n%tProcess ID:%t%9%n%nAccess Request Information:%n%tAccesses:%t%7%n%tAccess Mask:%t%8
0x1254Backup of data protection master key was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nKey Information:%n%tKey Identifier:%t%5%n%tRecovery Server:%t%6%n%tRecovery Key ID:%t%7%n%nStatus Information:%n%tStatus Code:%t%8 Backup of data protection master key was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nKey Information:%n%tKey Identifier:%t%5%n%tRecovery Server:%t%6%n%tRecovery Key ID:%t%7%n%nStatus Information:%n%tStatus Code:%t%8
0x1255Recovery of data protection master key was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nKey Information:%n%tKey Identifier:%t%5%n%tRecovery Server:%t%6%n%tRecovery Key ID:%t%8%n%tRecovery Reason:%t%7%n%nStatus Information:%n%tStatus Code:%t%9 Recovery of data protection master key was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nKey Information:%n%tKey Identifier:%t%5%n%tRecovery Server:%t%6%n%tRecovery Key ID:%t%8%n%tRecovery Reason:%t%7%n%nStatus Information:%n%tStatus Code:%t%9
0x1256Protection of auditable protected data was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProtected Data:%n%tData Description:%t%6%n%tKey Identifier:%t%5%n%tProtected Data Flags:%t%7%n%tProtection Algorithms:%t%8%n%nStatus Information:%n%tStatus Code:%t%9 Protection of auditable protected data was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProtected Data:%n%tData Description:%t%6%n%tKey Identifier:%t%5%n%tProtected Data Flags:%t%7%n%tProtection Algorithms:%t%8%n%nStatus Information:%n%tStatus Code:%t%9
0x1257Unprotection of auditable protected data was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProtected Data:%n%tData Description:%t%6%n%tKey Identifier:%t%5%n%tProtected Data Flags:%t%7%n%tProtection Algorithms:%t%8%n%nStatus Information:%n%tStatus Code:%t%9 Unprotection of auditable protected data was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProtected Data:%n%tData Description:%t%6%n%tKey Identifier:%t%5%n%tProtected Data Flags:%t%7%n%tProtection Algorithms:%t%8%n%nStatus Information:%n%tStatus Code:%t%9
0x1258A primary token was assigned to process.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nTarget Process:%n%tTarget Process ID:%t%9%n%tTarget Process Name:%t%10%n%nNew Token Information:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8 A primary token was assigned to process.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nTarget Process:%n%tTarget Process ID:%t%9%n%tTarget Process Name:%t%10%n%nNew Token Information:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8
0x1259A service was installed in the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nService Information:%n%tService Name: %t%t%5%n%tService File Name:%t%6%n%tService Type: %t%t%7%n%tService Start Type:%t%8%n%tService Account: %t%t%9 A service was installed in the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nService Information:%n%tService Name: %t%t%5%n%tService File Name:%t%6%n%tService Type: %t%t%7%n%tService Start Type:%t%8%n%tService Account: %t%t%9
0x125AA scheduled task was created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t A scheduled task was created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t
0x125BA scheduled task was deleted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t A scheduled task was deleted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t
0x125CA scheduled task was enabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t A scheduled task was enabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t
0x125DA scheduled task was disabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t A scheduled task was disabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask Content: %t%t%6%n%t
0x125EA scheduled task was updated.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask New Content: %t%t%6%n%t A scheduled task was updated.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTask Information:%n%tTask Name: %t%t%5%n%tTask New Content: %t%t%6%n%t
0x125FA token right was adjusted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%10%n%tProcess Name:%t%t%9%n%nEnabled Privileges:%n%t%t%t%11%n%nDisabled Privileges:%n%t%t%t%12 A token right was adjusted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%10%n%tProcess Name:%t%t%9%n%nEnabled Privileges:%n%t%t%t%11%n%nDisabled Privileges:%n%t%t%t%12
0x1260A user right was assigned.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tAccount Name:%t%t%5%n%nNew Right:%n%tUser Right:%t%t%6 A user right was assigned.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tAccount Name:%t%t%5%n%nNew Right:%n%tUser Right:%t%t%6
0x1261A user right was removed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tAccount Name:%t%t%5%n%nRemoved Right:%n%tUser Right:%t%t%6 A user right was removed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTarget Account:%n%tAccount Name:%t%t%5%n%nRemoved Right:%n%tUser Right:%t%t%6
0x1262A new trust was created to a domain.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nTrusted Domain:%n%tDomain Name:%t%t%1%n%tDomain ID:%t%t%2%n%nTrust Information:%n%tTrust Type:%t%t%7%n%tTrust Direction:%t%t%8%n%tTrust Attributes:%t%t%9%n%tSID Filtering:%t%t%10 A new trust was created to a domain.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nTrusted Domain:%n%tDomain Name:%t%t%1%n%tDomain ID:%t%t%2%n%nTrust Information:%n%tTrust Type:%t%t%7%n%tTrust Direction:%t%t%8%n%tTrust Attributes:%t%t%9%n%tSID Filtering:%t%t%10
0x1263A trust to a domain was removed.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDomain Information:%n%tDomain Name:%t%t%1%n%tDomain ID:%t%t%2 A trust to a domain was removed.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDomain Information:%n%tDomain Name:%t%t%1%n%tDomain ID:%t%t%2
0x1265The IPsec Policy Agent service was started.%n%n%1%n%nPolicy Source: %t%2%n%n%3 The IPsec Policy Agent service was started.%n%n%1%n%nPolicy Source: %t%2%n%n%3
0x1266The IPsec Policy Agent service was disabled.%n%n%1%n%2 The IPsec Policy Agent service was disabled.%n%n%1%n%2
0x1267%1 %1
0x1268IPsec Policy Agent encountered a potentially serious failure.%n%1 IPsec Policy Agent encountered a potentially serious failure.%n%1
0x1269Kerberos policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nChanges Made:%n('--' means no changes, otherwise each change is shown as:%n(Parameter Name):%t(new value) (old value))%n%5 Kerberos policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nChanges Made:%n('--' means no changes, otherwise each change is shown as:%n(Parameter Name):%t(new value) (old value))%n%5
0x126AData Recovery Agent group policy for Encrypting File System (EFS) has changed. The new changes have been applied. Data Recovery Agent group policy for Encrypting File System (EFS) has changed. The new changes have been applied.
0x126BThe audit policy (SACL) on an object was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain: %t%3%n%tLogon ID: %t%t%4%n%nAudit Policy Change:%n%tOriginal Security Descriptor: %t%5%n%tNew Security Descriptor: %t%t%6 The audit policy (SACL) on an object was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain: %t%3%n%tLogon ID: %t%t%4%n%nAudit Policy Change:%n%tOriginal Security Descriptor: %t%5%n%tNew Security Descriptor: %t%t%6
0x126CTrusted domain information was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTrusted Domain:%n%tDomain Name:%t%t%5%n%tDomain ID:%t%t%6%n%nNew Trust Information:%n%tTrust Type:%t%t%7%n%tTrust Direction:%t%t%8%n%tTrust Attributes:%t%t%9%n%tSID Filtering:%t%t%10 Trusted domain information was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTrusted Domain:%n%tDomain Name:%t%t%5%n%tDomain ID:%t%t%6%n%nNew Trust Information:%n%tTrust Type:%t%t%7%n%tTrust Direction:%t%t%8%n%tTrust Attributes:%t%t%9%n%tSID Filtering:%t%t%10
0x126DSystem security access was granted to an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAccount Modified:%n%tAccount Name:%t%t%5%n%nAccess Granted:%n%tAccess Right:%t%t%6 System security access was granted to an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAccount Modified:%n%tAccount Name:%t%t%5%n%nAccess Granted:%n%tAccess Right:%t%t%6
0x126ESystem security access was removed from an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAccount Modified:%n%tAccount Name:%t%t%5%n%nAccess Removed:%n%tAccess Right:%t%t%6 System security access was removed from an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAccount Modified:%n%tAccount Name:%t%t%5%n%nAccess Removed:%n%tAccess Right:%t%t%6
0x126FSystem audit policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAudit Policy Change:%n%tCategory:%t%t%5%n%tSubcategory:%t%t%6%n%tSubcategory GUID:%t%7%n%tChanges:%t%t%8 System audit policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAudit Policy Change:%n%tCategory:%t%t%5%n%tSubcategory:%t%t%6%n%tSubcategory GUID:%t%7%n%tChanges:%t%t%8
0x1270A user account was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tDisplay Name:%t%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%t%12%n%tHome Drive:%t%t%13%n%tScript Path:%t%t%14%n%tProfile Path:%t%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%t%18%n%tPrimary Group ID:%t%19%n%tAllowed To Delegate To:%t%20%n%tOld UAC Value:%t%t%21%n%tNew UAC Value:%t%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSID History:%t%t%25%n%tLogon Hours:%t%t%26%n%nAdditional Information:%n%tPrivileges%t%t%8 A user account was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tDisplay Name:%t%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%t%12%n%tHome Drive:%t%t%13%n%tScript Path:%t%t%14%n%tProfile Path:%t%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%t%18%n%tPrimary Group ID:%t%19%n%tAllowed To Delegate To:%t%20%n%tOld UAC Value:%t%t%21%n%tNew UAC Value:%t%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSID History:%t%t%25%n%tLogon Hours:%t%t%26%n%nAdditional Information:%n%tPrivileges%t%t%8
0x1272A user account was enabled.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2 A user account was enabled.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2
0x1273An attempt was made to change an account's password.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges%t%t%8 An attempt was made to change an account's password.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges%t%t%8
0x1274An attempt was made to reset an account's password.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2 An attempt was made to reset an account's password.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2
0x1275A user account was disabled.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2 A user account was disabled.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2
0x1276A user account was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges%t%8 A user account was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges%t%8
0x1277A security-enabled global group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled global group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1278A member was added to a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x1279A member was removed from a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x127AA security-enabled global group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nDeleted Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled global group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nDeleted Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x127BA security-enabled local group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled local group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x127CA member was added to a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tExpiration time:%t%t%11 A member was added to a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tExpiration time:%t%t%11
0x127DA member was removed from a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x127EA security-enabled local group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled local group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x127FA security-enabled local group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled local group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1281A security-enabled global group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled global group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1282A user account was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nChanged Attributes:%n%tSAM Account Name:%t%10%n%tDisplay Name:%t%t%11%n%tUser Principal Name:%t%12%n%tHome Directory:%t%t%13%n%tHome Drive:%t%t%14%n%tScript Path:%t%t%15%n%tProfile Path:%t%t%16%n%tUser Workstations:%t%17%n%tPassword Last Set:%t%18%n%tAccount Expires:%t%t%19%n%tPrimary Group ID:%t%20%n%tAllowedToDelegateTo:%t%21%n%tOld UAC Value:%t%t%22%n%tNew UAC Value:%t%t%23%n%tUser Account Control:%t%24%n%tUser Parameters:%t%25%n%tSID History:%t%t%26%n%tLogon Hours:%t%t%27%n%nAdditional Information:%n%tPrivileges:%t%t%9 A user account was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nChanged Attributes:%n%tSAM Account Name:%t%10%n%tDisplay Name:%t%t%11%n%tUser Principal Name:%t%12%n%tHome Directory:%t%t%13%n%tHome Drive:%t%t%14%n%tScript Path:%t%t%15%n%tProfile Path:%t%t%16%n%tUser Workstations:%t%17%n%tPassword Last Set:%t%18%n%tAccount Expires:%t%t%19%n%tPrimary Group ID:%t%20%n%tAllowedToDelegateTo:%t%21%n%tOld UAC Value:%t%t%22%n%tNew UAC Value:%t%t%23%n%tUser Account Control:%t%24%n%tUser Parameters:%t%25%n%tSID History:%t%t%26%n%tLogon Hours:%t%t%27%n%nAdditional Information:%n%tPrivileges:%t%t%9
0x1283Domain Policy was changed.%n%nChange Type:%t%t%1 modified%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nDomain:%n%tDomain Name:%t%t%2%n%tDomain ID:%t%t%3%n%nChanged Attributes:%n%tMin. Password Age:%t%9%n%tMax. Password Age:%t%10%n%tForce Logoff:%t%t%11%n%tLockout Threshold:%t%12%n%tLockout Observation Window:%t%13%n%tLockout Duration:%t%14%n%tPassword Properties:%t%15%n%tMin. Password Length:%t%16%n%tPassword History Length:%t%17%n%tMachine Account Quota:%t%18%n%tMixed Domain Mode:%t%19%n%tDomain Behavior Version:%t%20%n%tOEM Information:%t%21%n%nAdditional Information:%n%tPrivileges:%t%t%8 Domain Policy was changed.%n%nChange Type:%t%t%1 modified%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nDomain:%n%tDomain Name:%t%t%2%n%tDomain ID:%t%t%3%n%nChanged Attributes:%n%tMin. Password Age:%t%9%n%tMax. Password Age:%t%10%n%tForce Logoff:%t%t%11%n%tLockout Threshold:%t%12%n%tLockout Observation Window:%t%13%n%tLockout Duration:%t%14%n%tPassword Properties:%t%15%n%tMin. Password Length:%t%16%n%tPassword History Length:%t%17%n%tMachine Account Quota:%t%18%n%tMixed Domain Mode:%t%19%n%tDomain Behavior Version:%t%20%n%tOEM Information:%t%21%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1284A user account was locked out.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nAccount That Was Locked Out:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tCaller Computer Name:%t%2 A user account was locked out.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nAccount That Was Locked Out:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tCaller Computer Name:%t%2
0x1285A computer account was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Computer Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tDisplay Name:%t%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%t%12%n%tHome Drive:%t%t%13%n%tScript Path:%t%t%14%n%tProfile Path:%t%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%t%18%n%tPrimary Group ID:%t%19%n%tAllowedToDelegateTo:%t%20%n%tOld UAC Value:%t%t%21%n%tNew UAC Value:%t%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSID History:%t%t%25%n%tLogon Hours:%t%t%26%n%tDNS Host Name:%t%t%27%n%tService Principal Names:%t%28%n%nAdditional Information:%n%tPrivileges%t%t%8 A computer account was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Computer Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tDisplay Name:%t%t%10%n%tUser Principal Name:%t%11%n%tHome Directory:%t%t%12%n%tHome Drive:%t%t%13%n%tScript Path:%t%t%14%n%tProfile Path:%t%t%15%n%tUser Workstations:%t%16%n%tPassword Last Set:%t%17%n%tAccount Expires:%t%t%18%n%tPrimary Group ID:%t%19%n%tAllowedToDelegateTo:%t%20%n%tOld UAC Value:%t%t%21%n%tNew UAC Value:%t%t%22%n%tUser Account Control:%t%23%n%tUser Parameters:%t%24%n%tSID History:%t%t%25%n%tLogon Hours:%t%t%26%n%tDNS Host Name:%t%t%27%n%tService Principal Names:%t%28%n%nAdditional Information:%n%tPrivileges%t%t%8
0x1286A computer account was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nComputer Account That Was Changed:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nChanged Attributes:%n%tSAM Account Name:%t%10%n%tDisplay Name:%t%t%11%n%tUser Principal Name:%t%12%n%tHome Directory:%t%t%13%n%tHome Drive:%t%t%14%n%tScript Path:%t%t%15%n%tProfile Path:%t%t%16%n%tUser Workstations:%t%17%n%tPassword Last Set:%t%18%n%tAccount Expires:%t%t%19%n%tPrimary Group ID:%t%20%n%tAllowedToDelegateTo:%t%21%n%tOld UAC Value:%t%t%22%n%tNew UAC Value:%t%t%23%n%tUser Account Control:%t%24%n%tUser Parameters:%t%25%n%tSID History:%t%t%26%n%tLogon Hours:%t%t%27%n%tDNS Host Name:%t%t%28%n%tService Principal Names:%t%29%n%nAdditional Information:%n%tPrivileges:%t%t%9 A computer account was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nComputer Account That Was Changed:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nChanged Attributes:%n%tSAM Account Name:%t%10%n%tDisplay Name:%t%t%11%n%tUser Principal Name:%t%12%n%tHome Directory:%t%t%13%n%tHome Drive:%t%t%14%n%tScript Path:%t%t%15%n%tProfile Path:%t%t%16%n%tUser Workstations:%t%17%n%tPassword Last Set:%t%18%n%tAccount Expires:%t%t%19%n%tPrimary Group ID:%t%20%n%tAllowedToDelegateTo:%t%21%n%tOld UAC Value:%t%t%22%n%tNew UAC Value:%t%t%23%n%tUser Account Control:%t%24%n%tUser Parameters:%t%25%n%tSID History:%t%t%26%n%tLogon Hours:%t%t%27%n%tDNS Host Name:%t%t%28%n%tService Principal Names:%t%29%n%nAdditional Information:%n%tPrivileges:%t%t%9
0x1287A computer account was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Computer:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A computer account was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Computer:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1288A security-disabled local group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled local group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nNew Group:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1289A security-disabled local group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled local group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x128AA member was added to a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x128BA member was removed from a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x128CA security-disabled local group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled local group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x128DA security-disabled global group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled global group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x128EA security-disabled global group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled global group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x128FA member was added to a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x1290A member was removed from a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x1291A security-disabled global group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled global group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1292A security-enabled universal group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled universal group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1293A security-enabled universal group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled universal group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1294A member was added to a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x1295A member was removed from a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x1296A security-enabled universal group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-enabled universal group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1297A security-disabled universal group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled universal group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1298A security-disabled universal group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled universal group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nChanged Attributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x1299A member was added to a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x129AA member was removed from a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x129BA security-disabled universal group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A security-disabled universal group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x129CA group’s type was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nChange Type:%t%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%4%n%tGroup Name:%t%t%2%n%tGroup Domain:%t%t%3%n%nAdditional Information:%n%tPrivileges:%t%t%9 A group’s type was changed.%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nChange Type:%t%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%4%n%tGroup Name:%t%t%2%n%tGroup Domain:%t%t%3%n%nAdditional Information:%n%tPrivileges:%t%t%9
0x129DSID History was added to an account.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nSource Account:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tSID List:%t%t%t%11 SID History was added to an account.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nSource Account:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tSID List:%t%t%t%11
0x129EAn attempt to add SID History to an account failed.%n%nSubject:%n%tSecurity ID:%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nSource Account%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tPrivileges:%t%t%8 An attempt to add SID History to an account failed.%n%nSubject:%n%tSecurity ID:%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%nSource Account%n%tAccount Name:%t%t%1%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x129FA user account was unlocked.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2 A user account was unlocked.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2
0x12A0A Kerberos authentication ticket (TGT) was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%10%n%tClient Port:%t%t%11%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tResult Code:%t%t%7%n%tTicket Encryption Type:%t%8%n%tPre-Authentication Type:%t%9%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%12%n%tCertificate Serial Number:%t%13%n%tCertificate Thumbprint:%t%t%14%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120. A Kerberos authentication ticket (TGT) was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%10%n%tClient Port:%t%t%11%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tResult Code:%t%t%7%n%tTicket Encryption Type:%t%8%n%tPre-Authentication Type:%t%9%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%12%n%tCertificate Serial Number:%t%13%n%tCertificate Thumbprint:%t%t%14%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
0x12A1A Kerberos service ticket was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%10%n%nService Information:%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%5%n%tTicket Encryption Type:%t%6%n%tFailure Code:%t%t%9%n%tTransited Services:%t%11%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120. A Kerberos service ticket was requested.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%10%n%nService Information:%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%5%n%tTicket Encryption Type:%t%6%n%tFailure Code:%t%t%9%n%tTransited Services:%t%11%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120.
0x12A2A Kerberos service ticket was renewed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nService Information:%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%5%n%tTicket Encryption Type:%t%6%n%nTicket options and encryption types are defined in RFC 4120. A Kerberos service ticket was renewed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nService Information:%n%tService Name:%t%t%3%n%tService ID:%t%t%4%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%5%n%tTicket Encryption Type:%t%6%n%nTicket options and encryption types are defined in RFC 4120.
0x12A3Kerberos pre-authentication failed.%n%nAccount Information:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nService Information:%n%tService Name:%t%t%3%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%4%n%tFailure Code:%t%t%5%n%tPre-Authentication Type:%t%6%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%9%n%tCertificate Serial Number: %t%10%n%tCertificate Thumbprint:%t%t%11%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options and failure codes are defined in RFC 4120.%n%nIf the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present. Kerberos pre-authentication failed.%n%nAccount Information:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nService Information:%n%tService Name:%t%t%3%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%4%n%tFailure Code:%t%t%5%n%tPre-Authentication Type:%t%6%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%9%n%tCertificate Serial Number: %t%10%n%tCertificate Thumbprint:%t%t%11%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options and failure codes are defined in RFC 4120.%n%nIf the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
0x12A4A Kerberos authentication ticket request failed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%nService Information:%n%tService Name:%t%3%n%nNetwork Information:%n%tClient Address:%t%6%n%tClient Port:%t%7%n%nAdditional Information:%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%nTicket options and failure codes are defined in RFC 4120. A Kerberos authentication ticket request failed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%nService Information:%n%tService Name:%t%3%n%nNetwork Information:%n%tClient Address:%t%6%n%tClient Port:%t%7%n%nAdditional Information:%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%nTicket options and failure codes are defined in RFC 4120.
0x12A5A Kerberos service ticket request failed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nService Information:%n%tService Name:%t%3%n%nNetwork Information:%n%tClient Address:%t%6%n%tClient Port:%t%7%n%nAdditional Information:%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%nTicket options and failure codes are defined in RFC 4120. A Kerberos service ticket request failed.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nService Information:%n%tService Name:%t%3%n%nNetwork Information:%n%tClient Address:%t%6%n%tClient Port:%t%7%n%nAdditional Information:%n%tTicket Options:%t%4%n%tFailure Code:%t%5%n%nTicket options and failure codes are defined in RFC 4120.
0x12A6An account was mapped for logon.%n%nAuthentication Package:%t%1%nAccount UPN:%t%2%nMapped Name:%t%3 An account was mapped for logon.%n%nAuthentication Package:%t%1%nAccount UPN:%t%2%nMapped Name:%t%3
0x12A7An account could not be mapped for logon.%n%nAuthentication Package:%t%t%1%nAccount Name:%t%t%2 An account could not be mapped for logon.%n%nAuthentication Package:%t%t%1%nAccount Name:%t%t%2
0x12A8The computer attempted to validate the credentials for an account.%n%nAuthentication Package:%t%1%nLogon Account:%t%2%nSource Workstation:%t%3%nError Code:%t%4 The computer attempted to validate the credentials for an account.%n%nAuthentication Package:%t%1%nLogon Account:%t%2%nSource Workstation:%t%3%nError Code:%t%4
0x12A9The domain controller failed to validate the credentials for an account.%n%nAuthentication Package:%t%1%nLogon Account:%t%2%nSource Workstation:%t%3%nError Code:%t%4 The domain controller failed to validate the credentials for an account.%n%nAuthentication Package:%t%1%nLogon Account:%t%2%nSource Workstation:%t%3%nError Code:%t%4
0x12AAA session was reconnected to a Window Station.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon ID:%t%t%3%n%nSession:%n%tSession Name:%t%t%4%n%nAdditional Information:%n%tClient Name:%t%t%5%n%tClient Address:%t%t%6%n%nThis event is generated when a user reconnects to an existing Terminal Services session, or when a user switches to an existing desktop using Fast User Switching. A session was reconnected to a Window Station.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon ID:%t%t%3%n%nSession:%n%tSession Name:%t%t%4%n%nAdditional Information:%n%tClient Name:%t%t%5%n%tClient Address:%t%t%6%n%nThis event is generated when a user reconnects to an existing Terminal Services session, or when a user switches to an existing desktop using Fast User Switching.
0x12ABA session was disconnected from a Window Station.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon ID:%t%t%3%n%nSession:%n%tSession Name:%t%t%4%n%nAdditional Information:%n%tClient Name:%t%t%5%n%tClient Address:%t%t%6%n%n%nThis event is generated when a user disconnects from an existing Terminal Services session, or when a user switches away from an existing desktop using Fast User Switching. A session was disconnected from a Window Station.%n%nSubject:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon ID:%t%t%3%n%nSession:%n%tSession Name:%t%t%4%n%nAdditional Information:%n%tClient Name:%t%t%5%n%tClient Address:%t%t%6%n%n%nThis event is generated when a user disconnects from an existing Terminal Services session, or when a user switches away from an existing desktop using Fast User Switching.
0x12ACThe ACL was set on accounts which are members of administrators groups.%n%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8%n%nEvery hour, the Windows domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative groups against the ACL on the AdminSDHolder object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated. The ACL was set on accounts which are members of administrators groups.%n%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nTarget Account:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8%n%nEvery hour, the Windows domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative groups against the ACL on the AdminSDHolder object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated.
0x12ADThe name of an account was changed:%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Domain:%t%t%3%n%tOld Account Name:%t%1%n%tNew Account Name:%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%9 The name of an account was changed:%n%nSubject:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%nTarget Account:%n%tSecurity ID:%t%t%4%n%tAccount Domain:%t%t%3%n%tOld Account Name:%t%1%n%tNew Account Name:%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%9
0x12AEThe password hash an account was accessed.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nTarget Account:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2 The password hash an account was accessed.%n%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nTarget Account:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2
0x12AFA basic application group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A basic application group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x12B0A basic application group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 A basic application group was changed.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x12B1A member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11 A member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%nExpiration time:%t%t%11
0x12B2A member was removed from a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was removed from a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0x12B3A non-member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%nA non-member is an account that is explicitly excluded from membership in a basic application group. Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member. A non-member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%nA non-member is an account that is explicitly excluded from membership in a basic application group. Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member.
0x12B4A non-member was removed from a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%nA non-member is an account that is explicitly excluded from membership in a basic application group. Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member. A non-member was removed from a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%nA non-member is an account that is explicitly excluded from membership in a basic application group. Even if the account is specified as a member of the application group, either explicitly or through nested group membership, the account will not be treated as a group member if it is listed as a non-member.
0x12B5A basic application group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 A basic application group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x12B6An LDAP query group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8 An LDAP query group was created.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAttributes:%n%tSAM Account Name:%t%9%n%tSID History:%t%t%10%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x12B8An LDAP query group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8 An LDAP query group was deleted.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nAdditional Information:%n%tPrivileges:%t%t%8
0x12B9The Password Policy Checking API was called.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tProvided Account Name (unauthenticated):%t%6%n%tStatus Code:%t%7 The Password Policy Checking API was called.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tProvided Account Name (unauthenticated):%t%6%n%tStatus Code:%t%7
0x12BAAn attempt was made to set the Directory Services Restore Mode%nadministrator password.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tStatus Code:%t%6 An attempt was made to set the Directory Services Restore Mode%nadministrator password.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tStatus Code:%t%6
0x12BDAn attempt was made to query the existence of a blank password for an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tTarget Account Name:%t%6%n%tTarget Account Domain:%t%7 An attempt was made to query the existence of a blank password for an account.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nAdditional Information:%n%tCaller Workstation:%t%5%n%tTarget Account Name:%t%6%n%tTarget Account Domain:%t%7
0x12BEA user's local group membership was enumerated.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nUser:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9 A user's local group membership was enumerated.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nUser:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9
0x12BFA security-enabled local group membership was enumerated.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9 A security-enabled local group membership was enumerated.%n%nSubject:%n%tSecurity ID:%t%t%4%n%tAccount Name:%t%t%5%n%tAccount Domain:%t%t%6%n%tLogon ID:%t%t%7%n%nGroup:%n%tSecurity ID:%t%t%3%n%tGroup Name:%t%t%1%n%tGroup Domain:%t%t%2%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9
0x12C0The workstation was locked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5 The workstation was locked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5
0x12C1The workstation was unlocked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5 The workstation was unlocked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5
0x12C2The screen saver was invoked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5 The screen saver was invoked.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5
0x12C3The screen saver was dismissed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5 The screen saver was dismissed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tSession ID:%t%5
0x12D0RPC detected an integrity violation while decrypting an incoming message.%n%nPeer Name:%t%1%nProtocol Sequence:%t%2%nSecurity Error:%t%3 RPC detected an integrity violation while decrypting an incoming message.%n%nPeer Name:%t%1%nProtocol Sequence:%t%2%nSecurity Error:%t%3
0x12D1Auditing settings on object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%nAuditing Settings:%n%tOriginal Security Descriptor:%t%8%n%tNew Security Descriptor:%t%t%9 Auditing settings on object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%nAuditing Settings:%n%tOriginal Security Descriptor:%t%8%n%tNew Security Descriptor:%t%t%9
0x12D2Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%9%n%tProcess Name:%t%t%10%n%nCurrent Central Access Policy results:%n%n%tAccess Reasons:%t%t%11%nProposed Central Access Policy results that differ from the current Central Access Policy results:%n%n%tAccess Reasons:%t%t%12 Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%9%n%tProcess Name:%t%t%10%n%nCurrent Central Access Policy results:%n%n%tAccess Reasons:%t%t%11%nProposed Central Access Policy results that differ from the current Central Access Policy results:%n%n%tAccess Reasons:%t%t%12
0x12D3Central Access Policies on the machine have been changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%nCAPs Added:%7%n%nCAPs Deleted:%8%n%nCAPs Modified:%9%n%nCAPs As-Is:%10 Central Access Policies on the machine have been changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%nCAPs Added:%7%n%nCAPs Deleted:%8%n%nCAPs Modified:%9%n%nCAPs As-Is:%10
0x12D4A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%16%n%tPolicy Name:%t%t%17%n%tTGT Lifetime:%t%t%18%n%nDevice Information:%n%tDevice Name:%t%t%4%n%nService Information:%n%tService Name:%t%t%5%n%tService ID:%t%t%6%n%nNetwork Information:%n%tClient Address:%t%t%11%n%tClient Port:%t%t%12%n%nAdditional Information:%n%tTicket Options:%t%t%7%n%tResult Code:%t%t%8%n%tTicket Encryption Type:%t%9%n%tPre-Authentication Type:%t%10%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%13%n%tCertificate Serial Number:%t%14%n%tCertificate Thumbprint:%t%t%15%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120. A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tSupplied Realm Name:%t%2%n%tUser ID:%t%t%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%16%n%tPolicy Name:%t%t%17%n%tTGT Lifetime:%t%t%18%n%nDevice Information:%n%tDevice Name:%t%t%4%n%nService Information:%n%tService Name:%t%t%5%n%tService ID:%t%t%6%n%nNetwork Information:%n%tClient Address:%t%t%11%n%tClient Port:%t%t%12%n%nAdditional Information:%n%tTicket Options:%t%t%7%n%tResult Code:%t%t%8%n%tTicket Encryption Type:%t%9%n%tPre-Authentication Type:%t%10%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%13%n%tCertificate Serial Number:%t%14%n%tCertificate Thumbprint:%t%t%15%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
0x12D5A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%11%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%13%n%tPolicy Name:%t%t%14%n%nDevice Information:%n%tDevice Name:%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%8%n%tClient Port:%t%t%9%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tTicket Encryption Type:%t%7%n%tFailure Code:%t%t%10%n%tTransited Services:%t%12%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120. A Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions.%n%nAccount Information:%n%tAccount Name:%t%t%1%n%tAccount Domain:%t%t%2%n%tLogon GUID:%t%t%11%n%nAuthentication Policy Information:%n%tSilo Name:%t%t%13%n%tPolicy Name:%t%t%14%n%nDevice Information:%n%tDevice Name:%t%t%3%n%nService Information:%n%tService Name:%t%t%4%n%tService ID:%t%t%5%n%nNetwork Information:%n%tClient Address:%t%t%8%n%tClient Port:%t%t%9%n%nAdditional Information:%n%tTicket Options:%t%t%6%n%tTicket Encryption Type:%t%7%n%tFailure Code:%t%t%10%n%tTransited Services:%t%12%n%nThis event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.%n%nThis event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.%n%nTicket options, encryption types, and failure codes are defined in RFC 4120.
0x12D6NTLM authentication failed because the account was a member of the Protected User group.%n%nAccount Name:%t%1%nDevice Name:%t%2%nError Code:%t%3 NTLM authentication failed because the account was a member of the Protected User group.%n%nAccount Name:%t%1%nDevice Name:%t%2%nError Code:%t%3
0x12D7NTLM authentication failed because access control restrictions are required.%n%nAccount Name:%t%1%nDevice Name:%t%2%nError Code:%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%4%n%tPolicyName:%t%5 NTLM authentication failed because access control restrictions are required.%n%nAccount Name:%t%1%nDevice Name:%t%2%nError Code:%t%3%n%nAuthentication Policy Information:%n%tSilo Name:%t%4%n%tPolicyName:%t%5
0x12D8Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group.%n%nAccount Information:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nService Information:%n%tService Name:%t%t%3%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%4%n%tFailure Code:%t%t%5%n%tPre-Authentication Type:%t%6%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%9%n%tCertificate Serial Number: %t%10%n%tCertificate Thumbprint:%t%t%11%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options and failure codes are defined in RFC 4120.%n%nIf the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present. Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group.%n%nAccount Information:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nService Information:%n%tService Name:%t%t%3%n%nNetwork Information:%n%tClient Address:%t%t%7%n%tClient Port:%t%t%8%n%nAdditional Information:%n%tTicket Options:%t%t%4%n%tFailure Code:%t%t%5%n%tPre-Authentication Type:%t%6%n%nCertificate Information:%n%tCertificate Issuer Name:%t%t%9%n%tCertificate Serial Number: %t%10%n%tCertificate Thumbprint:%t%t%11%n%nCertificate information is only provided if a certificate was used for pre-authentication.%n%nPre-authentication types, ticket options and failure codes are defined in RFC 4120.%n%nIf the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
0x12D9A user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are members of the Remote Desktop Users group or Administrators group.%n%nSubject:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%3%n%nAdditional Information:%n%tClient Address:%t%4%n%n%nThis event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. A user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are members of the Remote Desktop Users group or Administrators group.%n%nSubject:%n%tUser Name:%t%1%n%tDomain:%t%t%2%n%tLogon ID:%t%3%n%nAdditional Information:%n%tClient Address:%t%4%n%n%nThis event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop.
0x12DABoot Configuration Data loaded.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nGeneral Settings:%n%tLoad Options:%t%t%5%n%tAdvanced Options:%t%t%6%n%tConfiguration Access Policy:%t%7%n%tSystem Event Logging:%t%8%n%tKernel Debugging:%t%9%n%tVSM Launch Type:%t%10%n%nSignature Settings:%n%tTest Signing:%t%t%11%n%tFlight Signing:%t%t%12%n%tDisable Integrity Checks:%t%13%n%nHyperVisor Settings:%n%tHyperVisor Load Options:%t%14%n%tHyperVisor Launch Type:%t%15%n%tHyperVisor Debugging:%t%16 Boot Configuration Data loaded.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nGeneral Settings:%n%tLoad Options:%t%t%5%n%tAdvanced Options:%t%t%6%n%tConfiguration Access Policy:%t%7%n%tSystem Event Logging:%t%8%n%tKernel Debugging:%t%9%n%tVSM Launch Type:%t%10%n%nSignature Settings:%n%tTest Signing:%t%t%11%n%tFlight Signing:%t%t%12%n%tDisable Integrity Checks:%t%13%n%nHyperVisor Settings:%n%tHyperVisor Load Options:%t%14%n%tHyperVisor Launch Type:%t%15%n%tHyperVisor Debugging:%t%16
0x12DESID History was removed from an account.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tSID List:%t%t%t%11 SID History was removed from an account.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nTarget Account:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10%n%tSID List:%t%t%t%11
0x1300A namespace collision was detected.%n%nTarget Type:%t%1%nTarget Name:%t%2%nForest Root:%t%3%nTop Level Name:%t%4%nDNS Name:%t%5%nNetBIOS Name:%t%6%nSecurity ID:%t%t%7%nNew Flags:%t%8 A namespace collision was detected.%n%nTarget Type:%t%1%nTarget Name:%t%2%nForest Root:%t%3%nTop Level Name:%t%4%nDNS Name:%t%5%nNetBIOS Name:%t%6%nSecurity ID:%t%t%7%nNew Flags:%t%8
0x1301A trusted forest information entry was added.%n%nSubject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nTrust Information:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t%3%n%tEntry Type:%t%4%n%tFlags:%t%5%n%tTop Level Name:%t%6%n%tDNS Name:%t%7%n%tNetBIOS Name:%t%8%n%tDomain SID:%t%9 A trusted forest information entry was added.%n%nSubject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nTrust Information:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t%3%n%tEntry Type:%t%4%n%tFlags:%t%5%n%tTop Level Name:%t%6%n%tDNS Name:%t%7%n%tNetBIOS Name:%t%8%n%tDomain SID:%t%9
0x1302A trusted forest information entry was removed.%n%nSubject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nTrust Information:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t%3%n%tEntry Type:%t%4%n%tFlags:%t%5%n%tTop Level Name:%t%6%n%tDNS Name:%t%7%n%tNetBIOS Name:%t%8%n%tDomain SID:%t%9 A trusted forest information entry was removed.%n%nSubject:%n%tSecurity ID:%t%t%10%n%tAccount Name:%t%t%11%n%tAccount Domain:%t%t%12%n%tLogon ID:%t%t%13%n%nTrust Information:%n%tForest Root:%t%1%n%tForest Root SID:%t%2%n%tOperation ID:%t%3%n%tEntry Type:%t%4%n%tFlags:%t%5%n%tTop Level Name:%t%6%n%tDNS Name:%t%7%n%tNetBIOS Name:%t%8%n%tDomain SID:%t%9
0x1303A trusted forest information entry was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTrust Information:%n%tForest Root:%t%5%n%tForest Root SID:%t%6%n%tOperation ID:%t%7%n%tEntry Type:%t%8%n%tFlags:%t%9%n%tTop Level Name:%t%10%n%tDNS Name:%t%11%n%tNetBIOS Name:%t%12%n%tDomain SID:%t%13 A trusted forest information entry was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTrust Information:%n%tForest Root:%t%5%n%tForest Root SID:%t%6%n%tOperation ID:%t%7%n%tEntry Type:%t%8%n%tFlags:%t%9%n%tTop Level Name:%t%10%n%tDNS Name:%t%11%n%tNetBIOS Name:%t%12%n%tDomain SID:%t%13
0x1304The certificate manager denied a pending certificate request.%n%t%nRequest ID:%t%1 The certificate manager denied a pending certificate request.%n%t%nRequest ID:%t%1
0x1305Certificate Services received a resubmitted certificate request.%n%t%nRequest ID:%t%1 Certificate Services received a resubmitted certificate request.%n%t%nRequest ID:%t%1
0x1306Certificate Services revoked a certificate.%n%t%nSerial Number:%t%1%nReason:%t%2 Certificate Services revoked a certificate.%n%t%nSerial Number:%t%1%nReason:%t%2
0x1307Certificate Services received a request to publish the certificate revocation list (CRL).%n%t%nNext Update:%t%1%nPublish Base:%t%2%nPublish Delta:%t%3 Certificate Services received a request to publish the certificate revocation list (CRL).%n%t%nNext Update:%t%1%nPublish Base:%t%2%nPublish Delta:%t%3
0x1308Certificate Services published the certificate revocation list (CRL).%n%t%nBase CRL:%t%1%nCRL Number:%t%2%nKey Container:%t%3%nNext Publish:%t%4%nPublish URLs:%t%5 Certificate Services published the certificate revocation list (CRL).%n%t%nBase CRL:%t%1%nCRL Number:%t%2%nKey Container:%t%3%nNext Publish:%t%4%nPublish URLs:%t%5
0x1309A certificate request extension changed.%n%t%nRequest ID:%t%1%nName:%t%2%nType:%t%3%nFlags:%t%4%nData:%t%5 A certificate request extension changed.%n%t%nRequest ID:%t%1%nName:%t%2%nType:%t%3%nFlags:%t%4%nData:%t%5
0x130AOne or more certificate request attributes changed.%n%t%nRequest ID:%t%1%nAttributes:%t%2 One or more certificate request attributes changed.%n%t%nRequest ID:%t%1%nAttributes:%t%2
0x130BCertificate Services received a request to shut down. Certificate Services received a request to shut down.
0x130CCertificate Services backup started.%n%nBackup Type:%t%1 Certificate Services backup started.%n%nBackup Type:%t%1
0x130DCertificate Services backup completed. Certificate Services backup completed.
0x130ECertificate Services restore started. Certificate Services restore started.
0x130FCertificate Services restore completed. Certificate Services restore completed.
0x1310Certificate Services started.%n%t%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4 Certificate Services started.%n%t%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4
0x1311Certificate Services stopped.%n%t%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4 Certificate Services stopped.%n%t%nCertificate Database Hash:%t%1%nPrivate Key Usage Count:%t%2%nCA Certificate Hash:%t%3%nCA Public Key Hash:%t%4
0x1312The security permissions for Certificate Services changed.%n%t%n%1 The security permissions for Certificate Services changed.%n%t%n%1
0x1313Certificate Services retrieved an archived key.%n%t%nRequest ID:%t%1 Certificate Services retrieved an archived key.%n%t%nRequest ID:%t%1
0x1314Certificate Services imported a certificate into its database.%n%t%nCertificate:%t%1%nRequest ID:%t%2 Certificate Services imported a certificate into its database.%n%t%nCertificate:%t%1%nRequest ID:%t%2
0x1315The audit filter for Certificate Services changed.%n%t%nFilter:%t%1 The audit filter for Certificate Services changed.%n%t%nFilter:%t%1
0x1316Certificate Services received a certificate request.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3 Certificate Services received a certificate request.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3
0x1317Certificate Services approved a certificate request and issued a certificate.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6 Certificate Services approved a certificate request and issued a certificate.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6
0x1318Certificate Services denied a certificate request.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6 Certificate Services denied a certificate request.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6
0x1319Certificate Services set the status of a certificate request to pending.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6 Certificate Services set the status of a certificate request to pending.%n%t%nRequest ID:%t%1%nRequester:%t%2%nAttributes:%t%3%nDisposition:%t%4%nSKI:%t%t%5%nSubject:%t%6
0x131AThe certificate manager settings for Certificate Services changed.%n%t%nEnable:%t%1%n%n%2 The certificate manager settings for Certificate Services changed.%n%t%nEnable:%t%1%n%n%2
0x131BA configuration entry changed in Certificate Services.%n%t%nNode:%t%1%nEntry:%t%2%nValue:%t%3 A configuration entry changed in Certificate Services.%n%t%nNode:%t%1%nEntry:%t%2%nValue:%t%3
0x131CA property of Certificate Services changed.%n%t%nProperty:%t%1%nIndex:%t%2%nType:%t%3%nValue:%t%4 A property of Certificate Services changed.%n%t%nProperty:%t%1%nIndex:%t%2%nType:%t%3%nValue:%t%4
0x131DCertificate Services archived a key.%n%t%nRequest ID:%t%1%nRequester:%t%2%nKRA Hashes:%t%3 Certificate Services archived a key.%n%t%nRequest ID:%t%1%nRequester:%t%2%nKRA Hashes:%t%3
0x131ECertificate Services imported and archived a key.%n%t%nRequest ID:%t%1 Certificate Services imported and archived a key.%n%t%nRequest ID:%t%1
0x131FCertificate Services published the CA certificate to Active Directory Domain Services.%n%t%nCertificate Hash:%t%1%nValid From:%t%2%nValid To:%t%t%3 Certificate Services published the CA certificate to Active Directory Domain Services.%n%t%nCertificate Hash:%t%1%nValid From:%t%2%nValid To:%t%t%3
0x1320One or more rows have been deleted from the certificate database.%n%t%nTable ID:%t%1%nFilter:%t%2%nRows Deleted:%t%3 One or more rows have been deleted from the certificate database.%n%t%nTable ID:%t%1%nFilter:%t%2%nRows Deleted:%t%3
0x1321Role separation enabled:%t%1 Role separation enabled:%t%1
0x1322Certificate Services loaded a template.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Information:%n%tTemplate Content:%t%t%7%n%tSecurity Descriptor:%t%t%8%n%nAdditional Information:%n%tDomain Controller:%t%6 Certificate Services loaded a template.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Information:%n%tTemplate Content:%t%t%7%n%tSecurity Descriptor:%t%t%8%n%nAdditional Information:%n%tDomain Controller:%t%6
0x1323A Certificate Services template was updated.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Change Information:%n%tOld Template Content:%t%8%n%tNew Template Content:%t%t%7%n%nAdditional Information:%n%tDomain Controller:%t%6 A Certificate Services template was updated.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Change Information:%n%tOld Template Content:%t%8%n%tNew Template Content:%t%t%7%n%nAdditional Information:%n%tDomain Controller:%t%6
0x1324Certificate Services template security was updated.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Change Information:%n%tOld Template Content:%t%t%9%n%tNew Template Content:%t%7%n%tOld Security Descriptor:%t%t%10%n%tNew Security Descriptor:%t%t%8%n%nAdditional Information:%n%tDomain Controller:%t%6 Certificate Services template security was updated.%n%n%1 v%2 (Schema V%3)%n%4%n%5%n%nTemplate Change Information:%n%tOld Template Content:%t%t%9%n%tNew Template Content:%t%7%n%tOld Security Descriptor:%t%t%10%n%tNew Security Descriptor:%t%t%8%n%nAdditional Information:%n%tDomain Controller:%t%6
0x1326The Per-user audit policy table was created.%n%nNumber of Elements:%t%1%nPolicy ID:%t%2 The Per-user audit policy table was created.%n%nNumber of Elements:%t%1%nPolicy ID:%t%2
0x1328An attempt was made to register a security event source.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%nEvent Source:%n%tSource Name:%t%5%n%tEvent Source ID:%t%6 An attempt was made to register a security event source.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%nEvent Source:%n%tSource Name:%t%5%n%tEvent Source ID:%t%6
0x1329An attempt was made to unregister a security event source.%n%nSubject%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%nEvent Source:%n%tSource Name:%t%5%n%tEvent Source ID:%t%6 An attempt was made to unregister a security event source.%n%nSubject%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess:%n%tProcess ID:%t%7%n%tProcess Name:%t%8%n%nEvent Source:%n%tSource Name:%t%5%n%tEvent Source ID:%t%6
0x132AThe CrashOnAuditFail value has changed.%n%nNew Value of CrashOnAuditFail:%t%1 The CrashOnAuditFail value has changed.%n%nNew Value of CrashOnAuditFail:%t%1
0x132BAuditing settings on object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nAuditing Settings:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10 Auditing settings on object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nAuditing Settings:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10
0x132CSpecial Groups Logon table modified.%n%nSpecial Groups:%t%1%n%nThis event is generated when the list of special groups is updated in the registry or through security policy. The updated list of special groups is indicated in the event. Special Groups Logon table modified.%n%nSpecial Groups:%t%1%n%nThis event is generated when the list of special groups is updated in the registry or through security policy. The updated list of special groups is indicated in the event.
0x132DThe local policy settings for the TBS were changed.%n%nOld Blocked Ordinals:%t%1%nNew Blocked Ordinals:%t%2 The local policy settings for the TBS were changed.%n%nOld Blocked Ordinals:%t%1%nNew Blocked Ordinals:%t%2
0x132EThe group policy settings for the TBS were changed.%n%nGroup Policy Setting:%t%tIgnore Default Settings%n%tOld Value:%t%t%1%n%tNew Value:%t%t%2%n%nGroup Policy Setting:%t%tIgnore Local Settings%n%tOld Value:%t%t%3%n%tNew Value:%t%t%4%n%nOld Blocked Ordinals:%t%5%nNew Blocked Ordinals:%t%6 The group policy settings for the TBS were changed.%n%nGroup Policy Setting:%t%tIgnore Default Settings%n%tOld Value:%t%t%1%n%tNew Value:%t%t%2%n%nGroup Policy Setting:%t%tIgnore Local Settings%n%tOld Value:%t%t%3%n%tNew Value:%t%t%4%n%nOld Blocked Ordinals:%t%5%nNew Blocked Ordinals:%t%6
0x132FResource attributes of the object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nResource Attributes:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10 Resource attributes of the object were changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nResource Attributes:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10
0x1330Per User Audit Policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nPolicy For Account:%n%tSecurity ID:%t%t%5%n%nPolicy Change Details:%n%tCategory:%t%6%n%tSubcategory:%t%7%n%tSubcategory GUID:%t%8%n%tChanges:%t%9 Per User Audit Policy was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nPolicy For Account:%n%tSecurity ID:%t%t%5%n%nPolicy Change Details:%n%tCategory:%t%6%n%tSubcategory:%t%7%n%tSubcategory GUID:%t%8%n%tChanges:%t%9
0x1331Central Access Policy on the object was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nCentral Policy ID:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10 Central Access Policy on the object was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nCentral Policy ID:%n%tOriginal Security Descriptor:%t%9%n%tNew Security Descriptor:%t%t%10
0x1340An Active Directory replica source naming context was established.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6 An Active Directory replica source naming context was established.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6
0x1341An Active Directory replica source naming context was removed.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6 An Active Directory replica source naming context was removed.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6
0x1342An Active Directory replica source naming context was modified.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6 An Active Directory replica source naming context was modified.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nSource Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6
0x1343An Active Directory replica destination naming context was modified.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nDestination Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6 An Active Directory replica destination naming context was modified.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nDestination Address:%t%3%nNaming Context:%t%4%nOptions:%t%t%5%nStatus Code:%t%6
0x1344Synchronization of a replica of an Active Directory naming context has begun.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nNaming Context:%t%3%nOptions:%t%t%4%nSession ID:%t%5%nStart USN:%t%6 Synchronization of a replica of an Active Directory naming context has begun.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nNaming Context:%t%3%nOptions:%t%t%4%nSession ID:%t%5%nStart USN:%t%6
0x1345Synchronization of a replica of an Active Directory naming context has ended.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nNaming Context:%t%3%nOptions:%t%t%4%nSession ID:%t%5%nEnd USN:%t%6%nStatus Code:%t%7 Synchronization of a replica of an Active Directory naming context has ended.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nNaming Context:%t%3%nOptions:%t%t%4%nSession ID:%t%5%nEnd USN:%t%6%nStatus Code:%t%7
0x1346Attributes of an Active Directory object were replicated.%n%nSession ID:%t%1%nObject:%t%t%2%nAttribute:%t%3%nType of change:%t%4%nNew Value:%t%5%nUSN:%t%t%6%nStatus Code:%t%7 Attributes of an Active Directory object were replicated.%n%nSession ID:%t%1%nObject:%t%t%2%nAttribute:%t%3%nType of change:%t%4%nNew Value:%t%5%nUSN:%t%t%6%nStatus Code:%t%7
0x1347Replication failure begins.%n%nReplication Event:%t%1%nAudit Status Code:%t%2 Replication failure begins.%n%nReplication Event:%t%1%nAudit Status Code:%t%2
0x1348Replication failure ends.%n%nReplication Event:%t%1%nAudit Status Code:%t%2%nReplication Status Code:%t%3 Replication failure ends.%n%nReplication Event:%t%1%nAudit Status Code:%t%2%nReplication Status Code:%t%3
0x1349A lingering object was removed from a replica.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nObject:%t%3%nOptions:%t%4%nStatus Code:%t%5 A lingering object was removed from a replica.%n%nDestination DRA:%t%1%nSource DRA:%t%2%nObject:%t%3%nOptions:%t%4%nStatus Code:%t%5
0x1350The following policy was active when the Windows Firewall started.%n%nGroup Policy Applied:%t%1%nProfile Used:%t%2%nOperational mode:%t%3%nAllow Remote Administration:%t%4%nAllow Unicast Responses to Multicast/Broadcast Traffic:%t%5%nSecurity Logging:%n%tLog Dropped Packets:%t%6%n%tLog Successful Connections:%t%7 The following policy was active when the Windows Firewall started.%n%nGroup Policy Applied:%t%1%nProfile Used:%t%2%nOperational mode:%t%3%nAllow Remote Administration:%t%4%nAllow Unicast Responses to Multicast/Broadcast Traffic:%t%5%nSecurity Logging:%n%tLog Dropped Packets:%t%6%n%tLog Successful Connections:%t%7
0x1351A rule was listed when the Windows Firewall started.%n%t%nProfile used:%t%1%n%nRule:%n%tRule ID:%t%2%n%tRule Name:%t%3 A rule was listed when the Windows Firewall started.%n%t%nProfile used:%t%1%n%nRule:%n%tRule ID:%t%2%n%tRule Name:%t%3
0x1352A change was made to the Windows Firewall exception list. A rule was added.%n%t%nProfile Changed:%t%1%n%nAdded Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3 A change was made to the Windows Firewall exception list. A rule was added.%n%t%nProfile Changed:%t%1%n%nAdded Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3
0x1353A change was made to the Windows Firewall exception list. A rule was modified.%n%t%nProfile Changed:%t%1%n%nModified Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3 A change was made to the Windows Firewall exception list. A rule was modified.%n%t%nProfile Changed:%t%1%n%nModified Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3
0x1354A change was made to the Windows Firewall exception list. A rule was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3 A change was made to the Windows Firewall exception list. A rule was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Rule:%n%tRule ID:%t%2%n%tRule Name:%t%3
0x1355Windows Firewall settings were restored to the default values. Windows Firewall settings were restored to the default values.
0x1356A Windows Firewall setting was changed.%n%t%nChanged Profile:%t%1%n%nNew Setting:%n%tType:%t%2%n%tValue:%t%3 A Windows Firewall setting was changed.%n%t%nChanged Profile:%t%1%n%nNew Setting:%n%tType:%t%2%n%tValue:%t%3
0x1357Windows Firewall ignored a rule because its major version number is not recognized.%n%t%nProfile:%t%1%n%nIgnored Rule:%n%tID:%t%2%n%tName:%t%3 Windows Firewall ignored a rule because its major version number is not recognized.%n%t%nProfile:%t%1%n%nIgnored Rule:%n%tID:%t%2%n%tName:%t%3
0x1358Windows Firewall ignored parts of a rule because its minor version number is not recognized. Other parts of the rule will be enforced.%n%t%nProfile:%t%1%n%nPartially Ignored Rule:%n%tID:%t%2%n%tName:%t%3 Windows Firewall ignored parts of a rule because its minor version number is not recognized. Other parts of the rule will be enforced.%n%t%nProfile:%t%1%n%nPartially Ignored Rule:%n%tID:%t%2%n%tName:%t%3
0x1359Windows Firewall ignored a rule because it could not be parsed.%n%t%nProfile:%t%1%n%nReason for Rejection:%t%2%n%nRule:%n%tID:%t%3%n%tName:%t%4 Windows Firewall ignored a rule because it could not be parsed.%n%t%nProfile:%t%1%n%nReason for Rejection:%t%2%n%nRule:%n%tID:%t%3%n%tName:%t%4
0x135AGroup Policy settings for Windows Firewall were changed, and the new settings were applied. Group Policy settings for Windows Firewall were changed, and the new settings were applied.
0x135CWindows Firewall changed the active profile.%n%nNew Active Profile:%t%1 Windows Firewall changed the active profile.%n%nNew Active Profile:%t%1
0x135DWindows Firewall did not apply the following rule:%n%nRule Information:%n%tID:%t%1%n%tName:%t%2%n%nError Information:%n%tReason:%t%3 resolved to an empty set. Windows Firewall did not apply the following rule:%n%nRule Information:%n%tID:%t%1%n%tName:%t%2%n%nError Information:%n%tReason:%t%3 resolved to an empty set.
0x135EWindows Firewall did not apply the following rule because the rule referred to items not configured on this computer:%n%nRule Information:%n%tID:%t%1%n%tName:%t%2%n%nError Information:%n%tError:%t%3%n%tReason:%t%4 Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer:%n%nRule Information:%n%tID:%t%1%n%tName:%t%2%n%nError Information:%n%tError:%t%3%n%tReason:%t%4
0x1360IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2 IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. Verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2
0x1361IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2 IPsec dropped an inbound packet that failed a replay check. If this problem persists, it could indicate a replay attack against this computer.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2
0x1362IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2 IPsec dropped an inbound packet that failed a replay check. The inbound packet had too low a sequence number to ensure it was not a replay.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2
0x1363IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2 IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2
0x1364Special groups have been assigned to a new logon.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tLogon GUID:%t%5%n%nNew Logon:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%tLogon GUID:%t%10%n%tSpecial Groups Assigned:%t%11 Special groups have been assigned to a new logon.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%tLogon GUID:%t%5%n%nNew Logon:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%tLogon GUID:%t%10%n%tSpecial Groups Assigned:%t%11
0x1365IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2 IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). This is usually caused by malfunctioning hardware that is corrupting packets. If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. This error might also indicate interoperability problems with other IPsec implementations. In that case, if connectivity is not impeded, then these events can be ignored.%n%nRemote Network Address:%t%1%nInbound SA SPI:%t%t%2
0x1370During main mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3 During main mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3
0x1371During quick mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3 During quick mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3
0x1372During extended mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3 During extended mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.%n%nLocal Network Address:%t%1%nRemote Network Address:%t%2%nKeying Module Name:%t%3
0x1373IPsec main mode and extended mode security associations were established.%n%nMain Mode Local Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nMain Mode Remote Endpoint:%n%tPrincipal Name:%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nMain Mode Cryptographic Information:%n%tCipher Algorithm:%t%8%n%tIntegrity Algorithm:%t%9%n%tDiffie-Hellman Group:%t%10%n%nMain Mode Security Association:%n%tLifetime (minutes):%t%11%n%tQuick Mode Limit:%t%12%n%tMain Mode SA ID:%t%16%n%t%nMain Mode Additional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%7%n%tRole:%t%t%t%13%n%tImpersonation State:%t%14%n%tMain Mode Filter ID:%t%15%n%nExtended Mode Information:%n%tLocal Principal Name:%t%17%n%tRemote Principal Name:%t%18%n%tAuthentication Method:%t%19%n%tImpersonation State:%t%20%n%tQuick Mode Filter ID:%t%21 IPsec main mode and extended mode security associations were established.%n%nMain Mode Local Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nMain Mode Remote Endpoint:%n%tPrincipal Name:%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nMain Mode Cryptographic Information:%n%tCipher Algorithm:%t%8%n%tIntegrity Algorithm:%t%9%n%tDiffie-Hellman Group:%t%10%n%nMain Mode Security Association:%n%tLifetime (minutes):%t%11%n%tQuick Mode Limit:%t%12%n%tMain Mode SA ID:%t%16%n%t%nMain Mode Additional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%7%n%tRole:%t%t%t%13%n%tImpersonation State:%t%14%n%tMain Mode Filter ID:%t%15%n%nExtended Mode Information:%n%tLocal Principal Name:%t%17%n%tRemote Principal Name:%t%18%n%tAuthentication Method:%t%19%n%tImpersonation State:%t%20%n%tQuick Mode Filter ID:%t%21
0x1374IPsec main mode and extended mode security associations were established.%n%nMain Mode Local Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nMain Mode Remote Endpoint:%n%tPrincipal Name:%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nMain Mode Cryptographic Information:%n%tCipher Algorithm:%t%8%n%tIntegrity Algorithm:%t%9%n%tDiffie-Hellman Group:%t%10%n%nMain Mode Security Association:%n%tLifetime (minutes):%t%11%n%tQuick Mode Limit:%t%12%n%tMain Mode SA ID:%t%16%n%t%nMain Mode Additional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%7%n%tRole:%t%t%t%13%n%tImpersonation State:%t%14%n%tMain Mode Filter ID:%t%15%n%nExtended Mode Local Endpoint:%n%tPrincipal Name:%t%17%n%tCertificate SHA Thumbprint:%t%18%n%tCertificate Issuing CA:%t%19%n%tCertificate Root CA:%t%20%n%nExtended Mode Remote Endpoint:%n%tPrincipal Name:%t%21%n%tCertificate SHA Thumbprint:%t%22%n%tCertificate Issuing CA:%t%23%n%tCertificate Root CA:%t%24%n%nExtended Mode Additional Information:%n%tAuthentication Method:%tSSL%n%tImpersonation State:%t%25%n%tQuick Mode Filter ID:%t%26 IPsec main mode and extended mode security associations were established.%n%nMain Mode Local Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nMain Mode Remote Endpoint:%n%tPrincipal Name:%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nMain Mode Cryptographic Information:%n%tCipher Algorithm:%t%8%n%tIntegrity Algorithm:%t%9%n%tDiffie-Hellman Group:%t%10%n%nMain Mode Security Association:%n%tLifetime (minutes):%t%11%n%tQuick Mode Limit:%t%12%n%tMain Mode SA ID:%t%16%n%t%nMain Mode Additional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%7%n%tRole:%t%t%t%13%n%tImpersonation State:%t%14%n%tMain Mode Filter ID:%t%15%n%nExtended Mode Local Endpoint:%n%tPrincipal Name:%t%17%n%tCertificate SHA Thumbprint:%t%18%n%tCertificate Issuing CA:%t%19%n%tCertificate Root CA:%t%20%n%nExtended Mode Remote Endpoint:%n%tPrincipal Name:%t%21%n%tCertificate SHA Thumbprint:%t%22%n%tCertificate Issuing CA:%t%23%n%tCertificate Root CA:%t%24%n%nExtended Mode Additional Information:%n%tAuthentication Method:%tSSL%n%tImpersonation State:%t%25%n%tQuick Mode Filter ID:%t%26
0x1375IPsec main mode and extended mode security associations were established.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nCryptographic Information:%n%tCipher Algorithm:%t%13%n%tIntegrity Algorithm:%t%14%n%tDiffie-Hellman Group:%t%15%n%nSecurity Association Information:%n%tLifetime (minutes):%t%16%n%tQuick Mode Limit:%t%17%n%tMain Mode SA ID:%t%21%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%18%n%tImpersonation State:%t%19%n%tMain Mode Filter ID:%t%20%n%t%nExtended Mode Information:%n%tLocal Principal Name:%t%22%n%tRemote Principal Name:%t%23%n%tAuthentication Method:%t%24%n%tImpersonation State:%t%25%n%tQuick Mode Filter ID:%t%26 IPsec main mode and extended mode security associations were established.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nCryptographic Information:%n%tCipher Algorithm:%t%13%n%tIntegrity Algorithm:%t%14%n%tDiffie-Hellman Group:%t%15%n%nSecurity Association Information:%n%tLifetime (minutes):%t%16%n%tQuick Mode Limit:%t%17%n%tMain Mode SA ID:%t%21%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%18%n%tImpersonation State:%t%19%n%tMain Mode Filter ID:%t%20%n%t%nExtended Mode Information:%n%tLocal Principal Name:%t%22%n%tRemote Principal Name:%t%23%n%tAuthentication Method:%t%24%n%tImpersonation State:%t%25%n%tQuick Mode Filter ID:%t%26
0x1376IPsec main mode and extended mode security associations were established.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%n%tKeying Module Port:%t%9%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%10%n%tKeying Module Port:%t%11%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nCryptographic Information:%n%tCipher Algorithm:%t%12%n%tIntegrity Algorithm:%t%13%n%tDiffie-Hellman Group:%t%14%n%nSecurity Association Information:%n%tLifetime (minutes):%t%15%n%tQuick Mode Limit:%t%16%n%tMain Mode SA ID:%t%20%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%17%n%tImpersonation State:%t%18%n%tMain Mode Filter ID:%t%19%n%t%nExtended Mode Local Endpoint:%n%tPrincipal Name:%t%t%21%n%tCertificate SHA Thumbprint:%t%22%n%tCertificate Issuing CA:%t%23%n%tCertificate Root CA:%t%24%n%nExtended Mode Remote Endpoint:%n%tPrincipal Name:%t%t%25%n%tCertificate SHA Thumbprint:%t%26%n%tCertificate Issuing CA:%t%27%n%tCertificate Root CA:%t%28%nExtended Mode Additional Information:%n%tAuthentication Method:%tSSL%n%tImpersonation State:%t%29%n%tQuick Mode Filter ID:%t%30 IPsec main mode and extended mode security associations were established.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%n%tKeying Module Port:%t%9%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%10%n%tKeying Module Port:%t%11%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nCryptographic Information:%n%tCipher Algorithm:%t%12%n%tIntegrity Algorithm:%t%13%n%tDiffie-Hellman Group:%t%14%n%nSecurity Association Information:%n%tLifetime (minutes):%t%15%n%tQuick Mode Limit:%t%16%n%tMain Mode SA ID:%t%20%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%17%n%tImpersonation State:%t%18%n%tMain Mode Filter ID:%t%19%n%t%nExtended Mode Local Endpoint:%n%tPrincipal Name:%t%t%21%n%tCertificate SHA Thumbprint:%t%22%n%tCertificate Issuing CA:%t%23%n%tCertificate Root CA:%t%24%n%nExtended Mode Remote Endpoint:%n%tPrincipal Name:%t%t%25%n%tCertificate SHA Thumbprint:%t%26%n%tCertificate Issuing CA:%t%27%n%tCertificate Root CA:%t%28%nExtended Mode Additional Information:%n%tAuthentication Method:%tSSL%n%tImpersonation State:%t%29%n%tQuick Mode Filter ID:%t%30
0x1377An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.%n%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%16%n%tImpersonation State:%t%17%n%tQuick Mode Filter ID:%t%18%n%nFailure Information:%n%tFailure Point:%t%t%13%n%tFailure Reason:%t%t%14%n%tState:%t%t%t%15 An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.%n%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%9%n%tKeying Module Port:%t%10%n%nLocal Certificate:%n%tSHA Thumbprint:%t%2%n%tIssuing CA:%t%t%3%n%tRoot CA:%t%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%5%n%tNetwork Address:%t%11%n%tKeying Module Port:%t%12%n%nRemote Certificate:%n%tSHA Thumbprint:%t%6%n%tIssuing CA:%t%t%7%n%tRoot CA:%t%t%8%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%tSSL%n%tRole:%t%t%t%16%n%tImpersonation State:%t%17%n%tQuick Mode Filter ID:%t%18%n%nFailure Information:%n%tFailure Point:%t%t%13%n%tFailure Reason:%t%t%14%n%tState:%t%t%t%15
0x1378An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%9%n%tRole:%t%t%t%11%n%tImpersonation State:%t%12%n%tQuick Mode Filter ID:%t%13%n%nFailure Information:%n%tFailure Point:%t%t%7%n%tFailure Reason:%t%t%8%n%tState:%t%t%t%10 An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.%n%nLocal Endpoint:%n%tPrincipal Name:%t%t%1%n%tNetwork Address:%t%3%n%tKeying Module Port:%t%4%n%nRemote Endpoint:%n%tPrincipal Name:%t%t%2%n%tNetwork Address:%t%5%n%tKeying Module Port:%t%6%n%nAdditional Information:%n%tKeying Module Name:%tAuthIP%n%tAuthentication Method:%t%9%n%tRole:%t%t%t%11%n%tImpersonation State:%t%12%n%tQuick Mode Filter ID:%t%13%n%nFailure Information:%n%tFailure Point:%t%t%7%n%tFailure Reason:%t%t%8%n%tState:%t%t%t%10
0x1379The state of a transaction has changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTransaction Information:%n%tRM Transaction ID:%t%5%n%tNew State:%t%t%6%n%tResource Manager:%t%7%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9 The state of a transaction has changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nTransaction Information:%n%tRM Transaction ID:%t%5%n%tNew State:%t%t%6%n%tResource Manager:%t%7%n%nProcess Information:%n%tProcess ID:%t%t%8%n%tProcess Name:%t%t%9
0x13A0The Windows Firewall service started successfully. The Windows Firewall service started successfully.
0x13A1The Windows Firewall service was stopped. The Windows Firewall service was stopped.
0x13A3The Windows Firewall service was unable to retrieve the security policy from the local storage. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1 The Windows Firewall service was unable to retrieve the security policy from the local storage. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1
0x13A4Windows Firewall was unable to parse the new security policy. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1 Windows Firewall was unable to parse the new security policy. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1
0x13A5The Windows Firewall service failed to initialize the driver. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1 The Windows Firewall service failed to initialize the driver. Windows Firewall will continue to enforce the current policy.%n%nError Code:%t%1
0x13A6The Windows Firewall service failed to start.%n%nError Code:%t%1 The Windows Firewall service failed to start.%n%nError Code:%t%1
0x13A7Windows Firewall blocked an application from accepting incoming connections on the network.%n%nProfiles:%t%t%1%nApplication:%t%t%2 Windows Firewall blocked an application from accepting incoming connections on the network.%n%nProfiles:%t%t%1%nApplication:%t%t%2
0x13A8Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.%n%nError Code:%t%1 Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.%n%nError Code:%t%1
0x13A9The Windows Firewall Driver started successfully. The Windows Firewall Driver started successfully.
0x13AAThe Windows Firewall Driver was stopped. The Windows Firewall Driver was stopped.
0x13ABThe Windows Firewall Driver failed to start.%n%nError Code:%t%1 The Windows Firewall Driver failed to start.%n%nError Code:%t%1
0x13ADThe Windows Firewall Driver detected a critical runtime error, terminating.%n%nError Code:%t%1 The Windows Firewall Driver detected a critical runtime error, terminating.%n%nError Code:%t%1
0x13AECode integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.%n%nFile Name:%t%1%t Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.%n%nFile Name:%t%1%t
0x13AFA registry key was virtualized.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tKey Name:%t%t%5%n%tVirtual Key Name:%t%t%6%n%nProcess Information:%n%tProcess ID:%t%t%7%n%tProcess Name:%t%t%8 A registry key was virtualized.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tKey Name:%t%t%5%n%tVirtual Key Name:%t%t%6%n%nProcess Information:%n%tProcess ID:%t%t%7%n%tProcess Name:%t%t%8
0x13B0A change was made to IPsec settings. An authentication set was added.%n%t%nProfile Changed:%t%t%1%n%nAdded Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. An authentication set was added.%n%t%nProfile Changed:%t%t%1%n%nAdded Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B1A change was made to IPsec settings. An authentication set was modified.%n%t%nProfile Changed:%t%t%1%n%nModified Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. An authentication set was modified.%n%t%nProfile Changed:%t%t%1%n%nModified Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B2A change was made to IPsec settings. An authentication set was deleted.%n%t%nProfile Changed:%t%t%1%n%nDeleted Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. An authentication set was deleted.%n%t%nProfile Changed:%t%t%1%n%nDeleted Authentication Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B3A change was made to IPsec settings. A connection security rule was added.%n%t%nProfile Changed:%t%t%1%n%nAdded Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A connection security rule was added.%n%t%nProfile Changed:%t%t%1%n%nAdded Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B4A change was made to IPsec settings. A connection security rule was modified.%n%t%nProfile Changed:%t%1%n%nModified Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A connection security rule was modified.%n%t%nProfile Changed:%t%1%n%nModified Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B5A change was made to IPsec settings. A connection security rule was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A connection security rule was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Connection Security Rule:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B6A change was made to IPsec settings. A crypto set was added.%n%t%nProfile Changed:%t%1%n%nAdded Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A crypto set was added.%n%t%nProfile Changed:%t%1%n%nAdded Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B7A change was made to IPsec settings. A crypto set was modified.%n%t%nProfile Changed:%t%1%n%nModified Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A crypto set was modified.%n%t%nProfile Changed:%t%1%n%nModified Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B8A change was made to IPsec settings. A crypto set was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 A change was made to IPsec settings. A crypto set was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted Crypto Set:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13B9An IPsec security association was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted SA:%n%tID:%t%t%t%2%n%tName:%t%t%t%3 An IPsec security association was deleted.%n%t%nProfile Changed:%t%1%n%nDeleted SA:%n%tID:%t%t%t%2%n%tName:%t%t%t%3
0x13BAAn attempt to programmatically disable Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on this version of Windows. This is most likely due to a program that is incompatible with this version of Windows. Please contact the program's manufacturer to make sure you have a compatible program version.%n%nError Code:%t%tE_NOTIMPL%nCaller Process Name:%t%t%1%nProcess Id:%t%t%2%nPublisher:%t%t%3 An attempt to programmatically disable Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on this version of Windows. This is most likely due to a program that is incompatible with this version of Windows. Please contact the program's manufacturer to make sure you have a compatible program version.%n%nError Code:%t%tE_NOTIMPL%nCaller Process Name:%t%t%1%nProcess Id:%t%t%2%nPublisher:%t%t%3
0x13BBA file was virtualized.%n%nSubject:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%t%4%n%nObject:%n%tFile Name:%t%t%t%5%n%tVirtual File Name:%t%6%n%nProcess Information:%n%tProcess ID:%t%t%t%7%n%tProcess Name:%t%t%t%8 A file was virtualized.%n%nSubject:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%t%4%n%nObject:%n%tFile Name:%t%t%t%5%n%tVirtual File Name:%t%6%n%nProcess Information:%n%tProcess ID:%t%t%t%7%n%tProcess Name:%t%t%t%8
0x13C0A cryptographic self test was performed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nModule:%t%t%5%n%nReturn Code:%t%6 A cryptographic self test was performed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nModule:%t%t%5%n%nReturn Code:%t%6
0x13C1A cryptographic primitive operation failed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%t%5%n%tAlgorithm Name:%t%6%n%nFailure Information:%n%tReason:%t%t%t%7%n%tReturn Code:%t%t%8 A cryptographic primitive operation failed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%t%5%n%tAlgorithm Name:%t%6%n%nFailure Information:%n%tReason:%t%t%t%7%n%tReturn Code:%t%t%8
0x13C2Key file operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nKey File Operation Information:%n%tFile Path:%t%9%n%tOperation:%t%10%n%tReturn Code:%t%11 Key file operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nKey File Operation Information:%n%tFile Path:%t%9%n%tOperation:%t%10%n%tReturn Code:%t%11
0x13C3Key migration operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nAdditional Information:%n%tOperation:%t%9%n%tReturn Code:%t%10 Key migration operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nAdditional Information:%n%tOperation:%t%9%n%tReturn Code:%t%10
0x13C4Verification operation failed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nFailure Information:%n%tReason:%t%9%n%tReturn Code:%t%10 Verification operation failed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nFailure Information:%n%tReason:%t%9%n%tReturn Code:%t%10
0x13C5Cryptographic operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nCryptographic Operation:%n%tOperation:%t%9%n%tReturn Code:%t%10 Cryptographic operation.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Parameters:%n%tProvider Name:%t%5%n%tAlgorithm Name:%t%6%n%tKey Name:%t%7%n%tKey Type:%t%8%n%nCryptographic Operation:%n%tOperation:%t%9%n%tReturn Code:%t%10
0x13C6A kernel-mode cryptographic self test was performed.%n%nModule:%t%1%n%nReturn Code:%t%2 A kernel-mode cryptographic self test was performed.%n%nModule:%t%1%n%nReturn Code:%t%2
0x13C7A cryptographic provider operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Provider:%n%tName:%t%5%n%tModule:%t%6%n%nOperation:%t%7%n%nReturn Code:%t%8 A cryptographic provider operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCryptographic Provider:%n%tName:%t%5%n%tModule:%t%6%n%nOperation:%t%7%n%nReturn Code:%t%8
0x13C8A cryptographic context operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%nOperation:%t%7%n%nReturn Code:%t%8 A cryptographic context operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%nOperation:%t%7%n%nReturn Code:%t%8
0x13C9A cryptographic context modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%nChange Information:%n%tOld Value:%t%7%n%tNew Value:%t%8%n%nReturn Code:%t%9 A cryptographic context modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%nChange Information:%n%tOld Value:%t%7%n%tNew Value:%t%8%n%nReturn Code:%t%9
0x13CAA cryptographic function operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tPosition:%t%9%n%nOperation:%t%10%n%nReturn Code:%t%11 A cryptographic function operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tPosition:%t%9%n%nOperation:%t%10%n%nReturn Code:%t%11
0x13CBA cryptographic function modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%nChange Information:%n%tOld Value:%t%9%n%tNew Value:%t%10%n%nReturn Code:%t%11 A cryptographic function modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%nChange Information:%n%tOld Value:%t%9%n%tNew Value:%t%10%n%nReturn Code:%t%11
0x13CCA cryptographic function provider operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProvider:%t%9%n%tPosition:%t%10%n%nOperation:%t%11%n%nReturn Code:%t%12 A cryptographic function provider operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProvider:%t%9%n%tPosition:%t%10%n%nOperation:%t%11%n%nReturn Code:%t%12
0x13CDA cryptographic function property operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProperty:%t%9%n%nOperation:%t%10%n%nValue:%t%11%n%nReturn Code:%t%12 A cryptographic function property operation was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProperty:%t%9%n%nOperation:%t%10%n%nValue:%t%11%n%nReturn Code:%t%12
0x13CEA cryptographic function property modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProperty:%t%9%n%nChange Information:%n%tOld Value:%t%10%n%tNew Value:%t%11%n%nReturn Code:%t%12 A cryptographic function property modification was attempted.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nConfiguration Parameters:%n%tScope:%t%5%n%tContext:%t%6%n%tInterface:%t%7%n%tFunction:%t%8%n%tProperty:%t%9%n%nChange Information:%n%tOld Value:%t%10%n%tNew Value:%t%11%n%nReturn Code:%t%12
0x13CFKey access denied by Microsoft key distribution service.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSecurity Descriptor:%t%5 Key access denied by Microsoft key distribution service.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSecurity Descriptor:%t%5
0x1400OCSP Responder Service Started. OCSP Responder Service Started.
0x1401OCSP Responder Service Stopped. OCSP Responder Service Stopped.
0x1402A Configuration entry changed in the OCSP Responder Service.%n%nCA Configuration ID:%t%t%1%nNew Value:%t%t%2 A Configuration entry changed in the OCSP Responder Service.%n%nCA Configuration ID:%t%t%1%nNew Value:%t%t%2
0x1403A configuration entry changed in the OCSP Responder Service.%n%nProperty Name:%t%t%1%nNew Value:%t%t%2 A configuration entry changed in the OCSP Responder Service.%n%nProperty Name:%t%t%1%nNew Value:%t%t%2
0x1404A security setting was updated on OCSP Responder Service.%n%nNew Value:%t%1 A security setting was updated on OCSP Responder Service.%n%nNew Value:%t%1
0x1405A request was submitted to OCSP Responder Service. %n%nCertificate Serial Number: %1%nIssuer CA Name: %2%nRevocation Status: %3 A request was submitted to OCSP Responder Service. %n%nCertificate Serial Number: %1%nIssuer CA Name: %2%nRevocation Status: %3
0x1406Signing Certificate was automatically updated by the OCSP Responder Service.%n%nCA Configuration ID:%t%t%1%nNew Signing Certificate Hash:%t%t%2 Signing Certificate was automatically updated by the OCSP Responder Service.%n%nCA Configuration ID:%t%t%1%nNew Signing Certificate Hash:%t%t%2
0x1407The OCSP Revocation Provider successfully updated the revocation information.%n%nCA Configuration ID:%t%t%1%nBase CRL Number:%t%t%2%nBase CRL This Update:%t%t%3%nBase CRL Hash:%t%t%4%nDelta CRL Number:%t%t%5%nDelta CRL Indicator:%t%t%6%nDelta CRL This Update:%t%t%7%nDelta CRL Hash:%t%t%8 The OCSP Revocation Provider successfully updated the revocation information.%n%nCA Configuration ID:%t%t%1%nBase CRL Number:%t%t%2%nBase CRL This Update:%t%t%3%nBase CRL Hash:%t%t%4%nDelta CRL Number:%t%t%5%nDelta CRL Indicator:%t%t%6%nDelta CRL This Update:%t%t%7%nDelta CRL Hash:%t%t%8
0x1410A directory service object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%t%nOperation:%n%tType:%t%15%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%t%nOperation:%n%tType:%t%15%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1411A directory service object was created.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nOperation:%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was created.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nOperation:%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1412A directory service object was undeleted.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tOld DN:%t%9%n%tNew DN:%t%10%n%tGUID:%t%11%n%tClass:%t%12%n%t%nOperation:%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was undeleted.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tOld DN:%t%9%n%tNew DN:%t%10%n%tGUID:%t%11%n%tClass:%t%12%n%t%nOperation:%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1413A directory service object was moved.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%t%7%n%tType:%t%t%8%n%t%nObject:%n%tOld DN:%t%t%9%n%tNew DN:%t%10%n%tGUID:%t%t%11%n%tClass:%t%t%12%n%t%nOperation:%n%tCorrelation ID:%t%t%t%1%n%tApplication Correlation ID:%t%2 A directory service object was moved.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%t%7%n%tType:%t%t%8%n%t%nObject:%n%tOld DN:%t%t%9%n%tNew DN:%t%10%n%tGUID:%t%t%11%n%tClass:%t%t%12%n%t%nOperation:%n%tCorrelation ID:%t%t%t%1%n%tApplication Correlation ID:%t%2
0x1414A network share object was accessed.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tObject Type:%t%t%5%n%tSource Address:%t%t%6%n%tSource Port:%t%t%7%n%t%nShare Information:%n%tShare Name:%t%t%8%n%tShare Path:%t%t%9%n%nAccess Request Information:%n%tAccess Mask:%t%t%10%n%tAccesses:%t%t%11%n A network share object was accessed.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tObject Type:%t%t%5%n%tSource Address:%t%t%6%n%tSource Port:%t%t%7%n%t%nShare Information:%n%tShare Name:%t%t%8%n%tShare Path:%t%t%9%n%nAccess Request Information:%n%tAccess Mask:%t%t%10%n%tAccesses:%t%t%11%n
0x1415A directory service object was deleted.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nOperation:%n%tTree Delete:%t%12%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was deleted.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%t%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nOperation:%n%tTree Delete:%t%12%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1416A network share object was added.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%t%n%tShare Name:%t%t%5%n%tShare Path:%t%t%6 A network share object was added.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%t%n%tShare Name:%t%t%5%n%tShare Path:%t%t%6
0x1417A network share object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%n%tObject Type:%t%t%5%n%tShare Name:%t%t%6%n%tShare Path:%t%t%7%n%tOld Remark:%t%t%8%n%tNew Remark:%t%t%9%n%tOld MaxUsers:%t%t%10%n%tNew Maxusers:%t%t%11%n%tOld ShareFlags:%t%t%12%n%tNew ShareFlags:%t%t%13%n%tOld SD:%t%t%t%14%n%tNew SD:%t%t%t%15%n A network share object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%n%tObject Type:%t%t%5%n%tShare Name:%t%t%6%n%tShare Path:%t%t%7%n%tOld Remark:%t%t%8%n%tNew Remark:%t%t%9%n%tOld MaxUsers:%t%t%10%n%tNew Maxusers:%t%t%11%n%tOld ShareFlags:%t%t%12%n%tNew ShareFlags:%t%t%13%n%tOld SD:%t%t%t%14%n%tNew SD:%t%t%t%15%n
0x1418 A network share object was deleted.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%t%n%tShare Name:%t%t%5%n%tShare Path:%t%t%6 A network share object was deleted.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nShare Information:%t%n%tShare Name:%t%t%5%n%tShare Path:%t%t%6
0x1419 A network share object was checked to see whether client can be granted desired access.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tObject Type:%t%t%5%n%tSource Address:%t%t%6%n%tSource Port:%t%t%7%n%t%nShare Information:%n%tShare Name:%t%t%8%n%tShare Path:%t%t%9%n%tRelative Target Name:%t%10%n%nAccess Request Information:%n%tAccess Mask:%t%t%11%n%tAccesses:%t%t%12%nAccess Check Results:%n%t%13%n A network share object was checked to see whether client can be granted desired access.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tObject Type:%t%t%5%n%tSource Address:%t%t%6%n%tSource Port:%t%t%7%n%t%nShare Information:%n%tShare Name:%t%t%8%n%tShare Path:%t%t%9%n%tRelative Target Name:%t%10%n%nAccess Request Information:%n%tAccess Mask:%t%t%11%n%tAccesses:%t%t%12%nAccess Check Results:%n%t%13%n
0x141A The Windows Filtering Platform has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tVlanTag:%t%t%5%n%tvSwitchId:%t%t%6%n%tSource vSwitch Port:%t%t%7%n%tDestination vSwitch Port:%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 The Windows Filtering Platform has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tVlanTag:%t%t%5%n%tvSwitchId:%t%t%6%n%tSource vSwitch Port:%t%t%7%n%tDestination vSwitch Port:%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x141B A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tVlanTag:%t%t%5%n%tvSwitchId:%t%t%6%n%tSource vSwitch Port:%t%t%7%n%tDestination vSwitch Port:%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tVlanTag:%t%t%5%n%tvSwitchId:%t%t%6%n%tSource vSwitch Port:%t%t%7%n%tDestination vSwitch Port:%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x141C The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.%n%nNetwork Information:%n%tType:%t%t%1 The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.%n%nNetwork Information:%n%tType:%t%t%1
0x141D The DoS attack has subsided and normal processing is being resumed.%n%nNetwork Information:%n%tType:%t%t%1%n%tPackets Discarded:%t%t%t%2 The DoS attack has subsided and normal processing is being resumed.%n%nNetwork Information:%n%tType:%t%t%1%n%tPackets Discarded:%t%t%t%2
0x141E The Windows Filtering Platform has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tMediaType:%t%t%5%n%tInterfaceType:%t%t%6%n%tVlanTag:%t%t%t%7%n%nFilter Information:%n%tFilter Run-Time ID:%t%8%n%tLayer Name:%t%t%9%n%tLayer Run-Time ID:%t%10 The Windows Filtering Platform has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tMediaType:%t%t%5%n%tInterfaceType:%t%t%6%n%tVlanTag:%t%t%t%7%n%nFilter Information:%n%tFilter Run-Time ID:%t%8%n%tLayer Name:%t%t%9%n%tLayer Run-Time ID:%t%10
0x141F A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%t%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tMediaType:%t%t%5%n%tInterfaceType:%t%t%6%n%tVlanTag:%t%t%t%7%n%nFilter Information:%n%tFilter Run-Time ID:%t%8%n%tLayer Name:%t%t%9%n%tLayer Run-Time ID:%t%10 A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nNetwork Information:%n%tDirection:%t%t%1%n%tSource Address:%t%t%t%2%n%tDestination Address:%t%3%n%tEtherType:%t%t%4%n%tMediaType:%t%t%5%n%tInterfaceType:%t%t%6%n%tVlanTag:%t%t%t%7%n%nFilter Information:%n%tFilter Run-Time ID:%t%8%n%tLayer Name:%t%t%9%n%tLayer Run-Time ID:%t%10
0x1420 The Windows Filtering Platform has blocked a packet.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 The Windows Filtering Platform has blocked a packet.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x1421 A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 A more restrictive Windows Filtering Platform filter has blocked a packet.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x1422 The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8 The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8
0x1423 The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8 The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8
0x1424 The Windows Filtering Platform has permitted a connection.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 The Windows Filtering Platform has permitted a connection.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x1425 The Windows Filtering Platform has blocked a connection.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11 The Windows Filtering Platform has blocked a connection.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tDirection:%t%t%3%n%tSource Address:%t%t%4%n%tSource Port:%t%t%5%n%tDestination Address:%t%6%n%tDestination Port:%t%t%7%n%tProtocol:%t%t%8%n%nFilter Information:%n%tFilter Run-Time ID:%t%9%n%tLayer Name:%t%t%10%n%tLayer Run-Time ID:%t%11
0x1426 The Windows Filtering Platform has permitted a bind to a local port.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8 The Windows Filtering Platform has permitted a bind to a local port.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8
0x1427 The Windows Filtering Platform has blocked a bind to a local port.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8 The Windows Filtering Platform has blocked a bind to a local port.%n%nApplication Information:%n%tProcess ID:%t%t%1%n%tApplication Name:%t%2%n%nNetwork Information:%n%tSource Address:%t%t%3%n%tSource Port:%t%t%4%n%tProtocol:%t%t%5%n%nFilter Information:%n%tFilter Run-Time ID:%t%6%n%tLayer Name:%t%t%7%n%tLayer Run-Time ID:%t%8
0x1430 Spn check for SMB/SMB2 fails.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSPN:%t%n%tSPN Name:%t%t%5%n%tError Code:%t%t%6%n%nServer Information:%n%tServer Names:%t%t%7%n%tConfigured Names:%t%t%8%n%tIP Addresses:%t%t%9 Spn check for SMB/SMB2 fails.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nSPN:%t%n%tSPN Name:%t%t%5%n%tError Code:%t%t%6%n%nServer Information:%n%tServer Names:%t%t%7%n%tConfigured Names:%t%t%8%n%tIP Addresses:%t%t%9
0x1431 A directory service object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%tExpiration Time:%t%15%n%t%nOperation:%n%tType:%t%16%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was modified.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%tExpiration Time:%t%15%n%t%nOperation:%n%tType:%t%16%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1432 A directory service object was modified during a background cleanup task.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%tExpiration Time:%t%15%n%t%nOperation:%n%tType:%t%16%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2 A directory service object was modified during a background cleanup task.%n%t%nSubject:%n%tSecurity ID:%t%t%3%n%tAccount Name:%t%t%4%n%tAccount Domain:%t%t%5%n%tLogon ID:%t%t%6%n%nDirectory Service:%n%tName:%t%7%n%tType:%t%8%n%t%nObject:%n%tDN:%t%9%n%tGUID:%t%10%n%tClass:%t%11%n%t%nAttribute:%n%tLDAP Display Name:%t%12%n%tSyntax (OID):%t%13%n%tValue:%t%14%n%tExpiration Time:%t%15%n%t%nOperation:%n%tType:%t%16%n%tCorrelation ID:%t%1%n%tApplication Correlation ID:%t%2
0x1500 Credential Manager credentials were backed up.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nThis event occurs when a user backs up their own Credential Manager credentials. A user (even an Administrator) cannot back up the credentials of an account other than his own. Credential Manager credentials were backed up.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nThis event occurs when a user backs up their own Credential Manager credentials. A user (even an Administrator) cannot back up the credentials of an account other than his own.
0x1501 Credential Manager credentials were restored from a backup.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nThis event occurs when a user restores his Credential Manager credentials from a backup. A user (even an Administrator) cannot restore the credentials of an account other than his own. Credential Manager credentials were restored from a backup.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nThis event occurs when a user restores his Credential Manager credentials from a backup. A user (even an Administrator) cannot restore the credentials of an account other than his own.
0x1502 The requested credentials delegation was disallowed by policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCredential Delegation Information:%n%tSecurity Package:%t%5%n%tUser's UPN:%t%6%n%tTarget Server:%t%7%n%tCredential Type:%t%8 The requested credentials delegation was disallowed by policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nCredential Delegation Information:%n%tSecurity Package:%t%5%n%tUser's UPN:%t%6%n%tTarget Server:%t%7%n%tCredential Type:%t%8
0x1540 The following callout was present when the Windows Filtering Platform Base Filtering Engine started.%n%nProvider Information:%t%n%tID:%t%t%1%n%tName:%t%t%2%n%nCallout Information:%n%tID:%t%t%3%n%tName:%t%t%4%n%tType:%t%t%5%n%tRun-Time ID:%t%6%n%nLayer Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tRun-Time ID:%t%9 The following callout was present when the Windows Filtering Platform Base Filtering Engine started.%n%nProvider Information:%t%n%tID:%t%t%1%n%tName:%t%t%2%n%nCallout Information:%n%tID:%t%t%3%n%tName:%t%t%4%n%tType:%t%t%5%n%tRun-Time ID:%t%6%n%nLayer Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tRun-Time ID:%t%9
0x1541 The following filter was present when the Windows Filtering Platform Base Filtering Engine started.%n%nProvider Information:%t%n%tID:%t%t%1%n%tName:%t%t%2%n%nFilter Information:%n%tID:%t%t%3%n%tName:%t%t%4%n%tType:%t%t%5%n%tRun-Time ID:%t%6%n%nLayer Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tRun-Time ID:%t%9%n%tWeight:%t%t%10%n%t%nAdditional Information:%n%tConditions:%t%11%n%tFilter Action:%t%12%n%tCallout ID:%t%13%n%tCallout Name:%t%14 The following filter was present when the Windows Filtering Platform Base Filtering Engine started.%n%nProvider Information:%t%n%tID:%t%t%1%n%tName:%t%t%2%n%nFilter Information:%n%tID:%t%t%3%n%tName:%t%t%4%n%tType:%t%t%5%n%tRun-Time ID:%t%6%n%nLayer Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tRun-Time ID:%t%9%n%tWeight:%t%t%10%n%t%nAdditional Information:%n%tConditions:%t%11%n%tFilter Action:%t%12%n%tCallout ID:%t%13%n%tCallout Name:%t%14
0x1542 The following provider was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nProvider Type:%t%3 The following provider was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nProvider Type:%t%3
0x1543 The following provider context was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nProvider Context ID:%t%3%nProvider Context Name:%t%4%nProvider Context Type:%t%5 The following provider context was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nProvider Context ID:%t%3%nProvider Context Name:%t%4%nProvider Context Type:%t%5
0x1544 The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nSub-layer ID:%t%3%nSub-layer Name:%t%4%nSub-layer Type:%t%5%nWeight:%t%t%6 The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started.%n%t%nProvider ID:%t%1%nProvider Name:%t%2%nSub-layer ID:%t%3%nSub-layer Name:%t%4%nSub-layer Type:%t%5%nWeight:%t%t%6
0x1546 A Windows Filtering Platform callout has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tID:%t%t%4%n%tName:%t%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nCallout Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tType:%t%t%9%n%tRun-Time ID:%t%10%n%nLayer Information:%n%tID:%t%t%11%n%tName:%t%t%12%n%tRun-Time ID:%t%13 A Windows Filtering Platform callout has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tID:%t%t%4%n%tName:%t%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nCallout Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tType:%t%t%9%n%tRun-Time ID:%t%10%n%nLayer Information:%n%tID:%t%t%11%n%tName:%t%t%12%n%tRun-Time ID:%t%13
0x1547 A Windows Filtering Platform filter has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tID:%t%t%4%n%tName:%t%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nFilter Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tType:%t%t%9%n%tRun-Time ID:%t%10%n%nLayer Information:%n%tID:%t%t%11%n%tName:%t%t%12%n%tRun-Time ID:%t%13%n%nCallout Information:%n%tID:%t%t%17%n%tName:%t%t%18%n%nAdditional Information:%n%tWeight:%t%14%t%n%tConditions:%t%15%n%tFilter Action:%t%16 A Windows Filtering Platform filter has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tID:%t%t%4%n%tName:%t%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nFilter Information:%n%tID:%t%t%7%n%tName:%t%t%8%n%tType:%t%t%9%n%tRun-Time ID:%t%10%n%nLayer Information:%n%tID:%t%t%11%n%tName:%t%t%12%n%tRun-Time ID:%t%13%n%nCallout Information:%n%tID:%t%t%17%n%tName:%t%t%18%n%nAdditional Information:%n%tWeight:%t%14%t%n%tConditions:%t%15%n%tFilter Action:%t%16
0x1548 A Windows Filtering Platform provider has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nChange Information:%n%tChange Type:%t%4%n%nProvider Information:%n%tID:%t%t%5%n%tName:%t%t%6%n%tType:%t%t%7 A Windows Filtering Platform provider has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nChange Information:%n%tChange Type:%t%4%n%nProvider Information:%n%tID:%t%t%5%n%tName:%t%t%6%n%tType:%t%t%7
0x1549 A Windows Filtering Platform provider context has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tProvider ID:%t%4%n%tProvider Name:%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nProvider Context:%n%tID:%t%7%n%tName:%t%8%n%tType:%t%9 A Windows Filtering Platform provider context has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tProvider ID:%t%4%n%tProvider Name:%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nProvider Context:%n%tID:%t%7%n%tName:%t%8%n%tType:%t%9
0x154A A Windows Filtering Platform sub-layer has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tProvider ID:%t%4%n%tProvider Name:%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nSub-layer Information:%n%tSub-layer ID:%t%7%n%tSub-layer Name:%t%8%n%tSub-layer Type:%t%9%n%nAdditional Information:%n%tWeight:%t%10 A Windows Filtering Platform sub-layer has been changed.%n%t%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%nProcess Information:%n%tProcess ID:%t%1%n%nProvider Information:%n%tProvider ID:%t%4%n%tProvider Name:%t%5%n%nChange Information:%n%tChange Type:%t%6%n%nSub-layer Information:%n%tSub-layer ID:%t%7%n%tSub-layer Name:%t%8%n%tSub-layer Type:%t%9%n%nAdditional Information:%n%tWeight:%t%10
0x154B An IPsec quick mode security association was established.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address Mask:%t%6%n%tPort:%t%t%t%7%n%tPrivate Address:%t%t%8%n%tTunnel Endpoint:%t%t%9%n%n%tProtocol:%t%t%10%n%tKeying Module Name:%t%11%n%nCryptographic Information:%n%tIntegrity Algorithm - AH:%t%12%n%tIntegrity Algorithm - ESP:%t%13%n%tEncryption Algorithm:%t%14%n%nSecurity Association Information:%n%tLifetime - seconds:%t%15%n%tLifetime - data:%t%t%16%n%tLifetime - packets:%t%17%n%tMode:%t%t%t%18%n%tRole:%t%t%t%19%n%tQuick Mode Filter ID:%t%20%n%tMain Mode SA ID:%t%21%n%tQuick Mode SA ID:%t%22%n%nAdditional Information:%n%tInbound SPI:%t%t%23%n%tOutbound SPI:%t%t%24%n%tVirtual Interface Tunnel ID:%t%t%25%n%tTraffic Selector ID:%t%t%26 An IPsec quick mode security association was established.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address Mask:%t%6%n%tPort:%t%t%t%7%n%tPrivate Address:%t%t%8%n%tTunnel Endpoint:%t%t%9%n%n%tProtocol:%t%t%10%n%tKeying Module Name:%t%11%n%nCryptographic Information:%n%tIntegrity Algorithm - AH:%t%12%n%tIntegrity Algorithm - ESP:%t%13%n%tEncryption Algorithm:%t%14%n%nSecurity Association Information:%n%tLifetime - seconds:%t%15%n%tLifetime - data:%t%t%16%n%tLifetime - packets:%t%17%n%tMode:%t%t%t%18%n%tRole:%t%t%t%19%n%tQuick Mode Filter ID:%t%20%n%tMain Mode SA ID:%t%21%n%tQuick Mode SA ID:%t%22%n%nAdditional Information:%n%tInbound SPI:%t%t%23%n%tOutbound SPI:%t%t%24%n%tVirtual Interface Tunnel ID:%t%t%25%n%tTraffic Selector ID:%t%t%26
0x154C An IPsec quick mode security association ended.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address mask:%t%6%n%tPort:%t%t%t%7%n%tTunnel Endpoint:%t%t%8%n%nAdditional Information:%n%tProtocol:%t%t%9%n%tQuick Mode SA ID:%t%10%n%tVirtual Interface Tunnel ID:%t%t%11%n%tTraffic Selector ID:%t%t%12 An IPsec quick mode security association ended.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address mask:%t%6%n%tPort:%t%t%t%7%n%tTunnel Endpoint:%t%t%8%n%nAdditional Information:%n%tProtocol:%t%t%9%n%tQuick Mode SA ID:%t%10%n%tVirtual Interface Tunnel ID:%t%t%11%n%tTraffic Selector ID:%t%t%12
0x154D An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started. An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started.
0x1550 IPsec Policy Agent applied Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1 IPsec Policy Agent applied Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1
0x1551 IPsec Policy Agent failed to apply Active Directory storage IPsec policy on the computer.%n%nDN:%t%t%1%nError code:%t%t%2 IPsec Policy Agent failed to apply Active Directory storage IPsec policy on the computer.%n%nDN:%t%t%1%nError code:%t%t%2
0x1552 IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1 IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1
0x1553 IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2
0x1554 IPsec Policy Agent applied local registry storage IPsec policy on the computer.%n%nPolicy:%t%t%1 IPsec Policy Agent applied local registry storage IPsec policy on the computer.%n%nPolicy:%t%t%1
0x1555 IPsec Policy Agent failed to apply local registry storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to apply local registry storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2
0x1556 IPsec Policy Agent failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem.%n%nPolicy:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem.%n%nPolicy:%t%t%1%nError Code:%t%t%2
0x1557 IPsec Policy Agent polled for changes to the active IPsec policy and detected no changes. IPsec Policy Agent polled for changes to the active IPsec policy and detected no changes.
0x1558 IPsec Policy Agent polled for changes to the active IPsec policy, detected changes, and applied them. IPsec Policy Agent polled for changes to the active IPsec policy, detected changes, and applied them.
0x1559 IPsec Policy Agent received a control for forced reloading of IPsec policy and processed the control successfully. IPsec Policy Agent received a control for forced reloading of IPsec policy and processed the control successfully.
0x155A IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied. IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied.
0x155B IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used. IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used.
0x155C IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used. IPsec Policy Agent polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used.
0x155F IPsec Policy Agent loaded local storage IPsec policy on the computer.%n%nPolicy:%t%t%1 IPsec Policy Agent loaded local storage IPsec policy on the computer.%n%nPolicy:%t%t%1
0x1560 IPsec Policy Agent failed to load local storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to load local storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2
0x1561 IPsec Policy Agent loaded directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1 IPsec Policy Agent loaded directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1
0x1562 IPsec Policy Agent failed to load directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to load directory storage IPsec policy on the computer.%n%nPolicy:%t%t%1%nError Code:%t%t%2
0x1565 IPsec Policy Agent failed to add quick mode filter.%n%nQuick Mode Filter:%t%t%1%nError Code:%t%t%2 IPsec Policy Agent failed to add quick mode filter.%n%nQuick Mode Filter:%t%t%1%nError Code:%t%t%2
0x1566 The IPsec Policy Agent service was started. The IPsec Policy Agent service was started.
0x1567 The IPsec Policy Agent service was stopped. Stopping this service can put the computer at greater risk of network attack or expose the computer to potential security risks. The IPsec Policy Agent service was stopped. Stopping this service can put the computer at greater risk of network attack or expose the computer to potential security risks.
0x1568 IPsec Policy Agent failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem. IPsec Policy Agent failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.
0x156B The IPsec Policy Agent service failed to initialize its RPC server. The service could not be started.%n%nError Code:%t%t%1 The IPsec Policy Agent service failed to initialize its RPC server. The service could not be started.%n%nError Code:%t%t%1
0x156C The IPsec Policy Agent service experienced a critical failure and has shut down. The shutdown of this service can put the computer at greater risk of network attack or expose the computer to potential security risks.%n%nError Code:%t%t%1 The IPsec Policy Agent service experienced a critical failure and has shut down. The shutdown of this service can put the computer at greater risk of network attack or expose the computer to potential security risks.%n%nError Code:%t%t%1
0x156D IPsec Policy Agent failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem. IPsec Policy Agent failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.
0x1600A request was made to authenticate to a wireless network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nNetwork Information:%n%tName (SSID):%t%t%1%n%tInterface GUID:%t%t%8%n%tLocal MAC Address:%t%7%n%tPeer MAC Address:%t%6%n%nAdditional Information:%n%tReason Code:%t%t%10 (%9)%n%tError Code:%t%t%11%n%tEAP Reason Code:%t%12%n%tEAP Root Cause String:%t%13%n%tEAP Error Code:%t%t%14 A request was made to authenticate to a wireless network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nNetwork Information:%n%tName (SSID):%t%t%1%n%tInterface GUID:%t%t%8%n%tLocal MAC Address:%t%7%n%tPeer MAC Address:%t%6%n%nAdditional Information:%n%tReason Code:%t%t%10 (%9)%n%tError Code:%t%t%11%n%tEAP Reason Code:%t%12%n%tEAP Root Cause String:%t%13%n%tEAP Error Code:%t%t%14
0x1601A request was made to authenticate to a wired network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nInterface:%n%tName:%t%t%t%1%n%nAdditional Information%n%tReason Code:%t%t%7 (%6)%n%tError Code:%t%t%8 A request was made to authenticate to a wired network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nInterface:%n%tName:%t%t%t%1%n%nAdditional Information%n%tReason Code:%t%t%7 (%6)%n%tError Code:%t%t%8
0x1650A Remote Procedure Call (RPC) was attempted.%n%nSubject:%n%tSID:%t%t%t%1%n%tName:%t%t%t%2%n%tAccount Domain:%t%t%3%n%tLogonId:%t%t%4%n%nProcess Information:%n%tPID:%t%t%t%5%n%tName:%t%t%t%6%n%nNetwork Information:%n%tRemote IP Address:%t%7%n%tRemote Port:%t%t%8%n%nRPC Attributes:%n%tInterface UUID:%t%t%9%n%tProtocol Sequence:%t%10%n%tAuthentication Service:%t%11%n%tAuthentication Level:%t%12 A Remote Procedure Call (RPC) was attempted.%n%nSubject:%n%tSID:%t%t%t%1%n%tName:%t%t%t%2%n%tAccount Domain:%t%t%3%n%tLogonId:%t%t%4%n%nProcess Information:%n%tPID:%t%t%t%5%n%tName:%t%t%t%6%n%nNetwork Information:%n%tRemote IP Address:%t%7%n%tRemote Port:%t%t%8%n%nRPC Attributes:%n%tInterface UUID:%t%t%9%n%tProtocol Sequence:%t%10%n%tAuthentication Service:%t%11%n%tAuthentication Level:%t%12
0x1700An object in the COM+ Catalog was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Properties Modified:%t%7 An object in the COM+ Catalog was modified.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Properties Modified:%t%7
0x1701An object was deleted from the COM+ Catalog.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Details:%t%t%t%7%nThis event occurs when an object is deleted from the COM+ catalog. An object was deleted from the COM+ Catalog.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Details:%t%t%t%7%nThis event occurs when an object is deleted from the COM+ catalog.
0x1702An object was added to the COM+ Catalog.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Details:%t%t%t%7 An object was added to the COM+ Catalog.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tCOM+ Catalog Collection:%t%5%n%tObject Name:%t%t%t%6%n%tObject Details:%t%t%t%7
0x1800Security policy in the group policy objects has been applied successfully. %n%nReturn Code:%t%1%n%nGPO List:%n%2 Security policy in the group policy objects has been applied successfully. %n%nReturn Code:%t%1%n%nGPO List:%n%2
0x1801One or more errors occured while processing security policy in the group policy objects.%n%nError Code:%t%1%nGPO List:%n%2 One or more errors occured while processing security policy in the group policy objects.%n%nError Code:%t%1%nGPO List:%n%2
0x1880Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tLogging Results:%t%t%t%24%n Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tLogging Results:%t%t%t%24%n
0x1881Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tLogging Results:%t%t%t%26%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tLogging Results:%t%t%t%26%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n
0x1882Network Policy Server discarded the request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n Network Policy Server discarded the request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n
0x1883Network Policy Server discarded the accounting request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n Network Policy Server discarded the accounting request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tCalled Station Identifier:%t%t%8%n%tCalling Station Identifier:%t%t%9%n%nNAS:%n%tNAS IPv4 Address:%t%t%10%n%tNAS IPv6 Address:%t%t%11%n%tNAS Identifier:%t%t%t%12%n%tNAS Port-Type:%t%t%t%13%n%tNAS Port:%t%t%t%14%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%15%n%tClient IP Address:%t%t%t%16%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%17%n%tNetwork Policy Name:%t%t%18%n%tAuthentication Provider:%t%t%19%n%tAuthentication Server:%t%t%20%n%tAuthentication Type:%t%t%21%n%tEAP Type:%t%t%t%22%n%tAccount Session Identifier:%t%t%23%n%tReason Code:%t%t%t%24%n%tReason:%t%t%t%t%25%n
0x1884Network Policy Server quarantined a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n Network Policy Server quarantined a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n
0x1885Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n%tQuarantine Grace Time:%t%t%30%n Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n%tQuarantine Grace Time:%t%t%30%n
0x1886Network Policy Server granted full access to a user because the host met the defined health policy.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n Network Policy Server granted full access to a user because the host met the defined health policy.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tExtended-Result:%t%t%t%26%n%tSession Identifier:%t%t%t%27%n%tHelp URL:%t%t%t%28%n%tSystem Health Validator Result(s):%t%29%n
0x1887Network Policy Server locked the user account due to repeated failed authentication attempts.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n Network Policy Server locked the user account due to repeated failed authentication attempts.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n
0x1888Network Policy Server unlocked the user account.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n Network Policy Server unlocked the user account.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n
0x1889Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.%n%nFile Name:%t%1%t Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.%n%nFile Name:%t%1%t
0x1900BranchCache: Received an incorrectly formatted response while discovering availability of content. %n%nIP address of the client that sent this response:%t%t%t%1%n%t%n BranchCache: Received an incorrectly formatted response while discovering availability of content. %n%nIP address of the client that sent this response:%t%t%t%1%n%t%n
0x1901BranchCache: Received invalid data from a peer. Data discarded. %n%nIP address of the client that sent this data:%t%t%t%1%n%t%n BranchCache: Received invalid data from a peer. Data discarded. %n%nIP address of the client that sent this data:%t%t%t%1%n%t%n
0x1902BranchCache: The message to the hosted cache offering it data is incorrectly formatted. %n%nIP address of the client that sent this message: %t%t%t%1%n%t%n BranchCache: The message to the hosted cache offering it data is incorrectly formatted. %n%nIP address of the client that sent this message: %t%t%t%1%n%t%n
0x1903BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data. %n%nDomain name of the hosted cache is:%t%t%t%1%n%t%n BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data. %n%nDomain name of the hosted cache is:%t%t%t%1%n%t%n
0x1904BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. %n%nDomain name of the hosted cache:%t%t%t%1%n%t%nError Code:%t%t%t%2%n%t%n BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. %n%nDomain name of the hosted cache:%t%t%t%1%n%t%nError Code:%t%t%t%2%n%t%n
0x1905BranchCache: %2 instance(s) of event id %1 occurred.%n BranchCache: %2 instance(s) of event id %1 occurred.%n
0x1906%1 registered to Windows Firewall to control filtering for the following: %n%2. %1 registered to Windows Firewall to control filtering for the following: %n%2.
0x1908Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
0x1909BranchCache: A service connection point object could not be parsed. %n%nSCP object GUID: %1 BranchCache: A service connection point object could not be parsed. %n%nSCP object GUID: %1
0x190ACode integrity determined that a file does not meet the security requirements to load into a process. This could be due to the use of shared sections or other issues.%n%nFile Name:%t%1%t Code integrity determined that a file does not meet the security requirements to load into a process. This could be due to the use of shared sections or other issues.%n%nFile Name:%t%1%t
0x1910A new external device was recognized by the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nVendor IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 A new external device was recognized by the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nVendor IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1911The FIPS mode crypto selftests succeeded.%n%n%tProcess ID:%t%t%1%n%tProcess Name:%t%t%2 The FIPS mode crypto selftests succeeded.%n%n%tProcess ID:%t%t%1%n%tProcess Name:%t%t%2
0x1912The FIPS mode crypto selftests failed.%n%n%tProcess ID:%t%t%1%n%tProcess Name:%t%t%2%n%tFailed test code:%t%t%3 The FIPS mode crypto selftests failed.%n%n%tProcess ID:%t%t%1%n%tProcess Name:%t%t%2%n%tFailed test code:%t%t%3
0x1913A request was made to disable a device.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 A request was made to disable a device.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1914A device was disabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 A device was disabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1915A request was made to enable a device.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 A request was made to enable a device.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1916A device was enabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 A device was enabled.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1917The installation of this device is forbidden by system policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 The installation of this device is forbidden by system policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1918The installation of this device was allowed, after having previously been forbidden by policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11 The installation of this device was allowed, after having previously been forbidden by policy.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nDevice ID:%t%5%n%nDevice Name:%t%6%n%nClass ID:%t%t%7%n%nClass Name:%t%8%n%nHardware IDs:%t%9%n%nCompatible IDs:%t%10%n%nLocation Information:%t%11
0x1FFFHighest System-Defined Audit Message Value. Highest System-Defined Audit Message Value.
0x30000000Info Info
0x50000004Information Information
0x70003000Security State Change Security State Change
0x70003001Security System Extension Security System Extension
0x70003002System Integrity System Integrity
0x70003003IPsec Driver IPsec Driver
0x70003004Other System Events Other System Events
0x70003100Logon Logon
0x70003101Logoff Logoff
0x70003102Account Lockout Account Lockout
0x70003103IPsec Main Mode IPsec Main Mode
0x70003104Special Logon Special Logon
0x70003105IPsec Quick Mode IPsec Quick Mode
0x70003106IPsec Extended Mode IPsec Extended Mode
0x70003107Other Logon/Logoff Events Other Logon/Logoff Events
0x70003108Network Policy Server Network Policy Server
0x70003109User / Device Claims User / Device Claims
0x7000310AGroup Membership Group Membership
0x70003200File System File System
0x70003201Registry Registry
0x70003202Kernel Object Kernel Object
0x70003203SAM SAM
0x70003204Other Object Access Events Other Object Access Events
0x70003205Certification Services Certification Services
0x70003206Application Generated Application Generated
0x70003207Handle Manipulation Handle Manipulation
0x70003208File Share File Share
0x70003209Filtering Platform Packet Drop Filtering Platform Packet Drop
0x7000320AFiltering Platform Connection Filtering Platform Connection
0x7000320BDetailed File Share Detailed File Share
0x7000320CRemovable Storage Removable Storage
0x7000320DCentral Access Policy Staging Central Access Policy Staging
0x70003300Sensitive Privilege Use Sensitive Privilege Use
0x70003301Non Sensitive Privilege Use Non Sensitive Privilege Use
0x70003302Other Privilege Use Events Other Privilege Use Events
0x70003400Process Creation Process Creation
0x70003401Process Termination Process Termination
0x70003402DPAPI Activity DPAPI Activity
0x70003403RPC Events RPC Events
0x70003404Plug and Play Events Plug and Play Events
0x70003405Token Right Adjusted Events Token Right Adjusted Events
0x70003500Audit Policy Change Audit Policy Change
0x70003501Authentication Policy Change Authentication Policy Change
0x70003502Authorization Policy Change Authorization Policy Change
0x70003503MPSSVC Rule-Level Policy Change MPSSVC Rule-Level Policy Change
0x70003504Filtering Platform Policy Change Filtering Platform Policy Change
0x70003505Other Policy Change Events Other Policy Change Events
0x70003600User Account Management User Account Management
0x70003601Computer Account Management Computer Account Management
0x70003602Security Group Management Security Group Management
0x70003603Distribution Group Management Distribution Group Management
0x70003604Application Group Management Application Group Management
0x70003605Other Account Management Events Other Account Management Events
0x70003700Directory Service Access Directory Service Access
0x70003701Directory Service Changes Directory Service Changes
0x70003702Directory Service Replication Directory Service Replication
0x70003703Detailed Directory Service Replication Detailed Directory Service Replication
0x70003800Credential Validation Credential Validation
0x70003801Kerberos Service Ticket Operations Kerberos Service Ticket Operations
0x70003802Other Account Logon Events Other Account Logon Events
0x70003803Kerberos Authentication Service Kerberos Authentication Service
0x7000FF00Subcategory could not be determined Subcategory could not be determined
0x90000001Microsoft Windows security auditing. Microsoft Windows security auditing.
0x90000002Security Security
0xB0001208The system time was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%9%n%tName:%t%t%10%n%nPrevious Time:%t%t%6 %5%nNew Time:%t%t%8 %7%n%nThis event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer. The system time was changed.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tProcess ID:%t%9%n%tName:%t%t%10%n%nPrevious Time:%t%t%6 %5%nNew Time:%t%t%8 %7%n%nThis event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
0xB0001210An account was successfully logged on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%tLogon GUID:%t%t%13%n%nProcess Information:%n%tProcess ID:%t%t%17%n%tProcess Name:%t%t%18%n%nNetwork Information:%n%tWorkstation Name:%t%12%n%tSource Network Address:%t%19%n%tSource Port:%t%t%20%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%10%n%tAuthentication Package:%t%11%n%tTransited Services:%t%14%n%tPackage Name (NTLM only):%t%15%n%tKey Length:%t%t%16%n%nThis event is generated when a logon session is created. It is generated on the computer that was accessed.%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. An account was successfully logged on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%tLogon GUID:%t%t%13%n%nProcess Information:%n%tProcess ID:%t%t%17%n%tProcess Name:%t%t%18%n%nNetwork Information:%n%tWorkstation Name:%t%12%n%tSource Network Address:%t%19%n%tSource Port:%t%t%20%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%10%n%tAuthentication Package:%t%11%n%tTransited Services:%t%14%n%tPackage Name (NTLM only):%t%15%n%tKey Length:%t%t%16%n%nThis event is generated when a logon session is created. It is generated on the computer that was accessed.%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0xB000122EAn IPsec quick mode negotiation failed.%n%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tAddress Mask:%t%t%6%n%tPort:%t%t%t%7%n%tTunnel Endpoint:%t%t%8%n%tPrivate Address:%t%t%10%n%nAdditional Information:%n%tProtocol:%t%t%9%n%tKeying Module Name:%t%11%n%tMode:%t%t%t%14%n%tRole:%t%t%t%16%n%tQuick Mode Filter ID:%t%18%n%tMain Mode SA ID:%t%19%n%nFailure Information:%n%tState:%t%t%t%15%n%tMessage ID:%t%t%17%n%tFailure Point:%t%t%12%n%tFailure Reason:%t%t%13 An IPsec quick mode negotiation failed.%n%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tAddress Mask:%t%t%6%n%tPort:%t%t%t%7%n%tTunnel Endpoint:%t%t%8%n%tPrivate Address:%t%t%10%n%nAdditional Information:%n%tProtocol:%t%t%9%n%tKeying Module Name:%t%11%n%tMode:%t%t%t%14%n%tRole:%t%t%t%16%n%tQuick Mode Filter ID:%t%18%n%tMain Mode SA ID:%t%19%n%nFailure Information:%n%tState:%t%t%t%15%n%tMessage ID:%t%t%17%n%tFailure Point:%t%t%12%n%tFailure Reason:%t%t%13
0xB0001230A handle to an object was requested.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%14%n%tProcess Name:%t%t%15%n%nAccess Request Information:%n%tTransaction ID:%t%t%9%n%tAccesses:%t%t%10%n%tAccess Mask:%t%t%11%n%tPrivileges Used for Access Check:%t%12%n%tRestricted SID Count:%t%13 A handle to an object was requested.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%t%5%n%tObject Type:%t%t%6%n%tObject Name:%t%t%7%n%tHandle ID:%t%t%8%n%nProcess Information:%n%tProcess ID:%t%t%14%n%tProcess Name:%t%t%15%n%nAccess Request Information:%n%tTransaction ID:%t%t%9%n%tAccesses:%t%t%10%n%tAccess Mask:%t%t%11%n%tPrivileges Used for Access Check:%t%12%n%tRestricted SID Count:%t%13
0xB0001235A handle to an object was requested.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%15%n%tProcess Name:%t%16%n%nAccess Request Information:%n%tTransaction ID:%t%9%n%tAccesses:%t%10%n%tAccess Mask:%t%11%n%tPrivileges Used for Access Check:%t%12%n%tProperties:%t%13%n%tRestricted SID Count:%t%14 A handle to an object was requested.%n%nSubject :%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%15%n%tProcess Name:%t%16%n%nAccess Request Information:%n%tTransaction ID:%t%9%n%tAccesses:%t%10%n%tAccess Mask:%t%11%n%tPrivileges Used for Access Check:%t%12%n%tProperties:%t%13%n%tRestricted SID Count:%t%14
0xB0001237An attempt was made to access an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nAccess Request Information:%n%tAccesses:%t%9%n%tAccess Mask:%t%10 An attempt was made to access an object.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nObject:%n%tObject Server:%t%5%n%tObject Type:%t%6%n%tObject Name:%t%7%n%tHandle ID:%t%8%n%nProcess Information:%n%tProcess ID:%t%11%n%tProcess Name:%t%12%n%nAccess Request Information:%n%tAccesses:%t%9%n%tAccess Mask:%t%10
0xB0001250A new process has been created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6%n%tToken Elevation Type:%t%7%n%tCreator Process ID:%t%8%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. A new process has been created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6%n%tToken Elevation Type:%t%7%n%tCreator Process ID:%t%8%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
0xB0001278A member was added to a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-enabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB000127CA member was added to a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-enabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB000128AA member was added to a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-disabled local group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB000128FA member was added to a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-disabled global group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB0001294A member was added to a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-enabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB0001299A member was added to a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a security-disabled universal group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB00012B1A member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10 A member was added to a basic application group.%n%nSubject:%n%tSecurity ID:%t%t%6%n%tAccount Name:%t%t%7%n%tAccount Domain:%t%t%8%n%tLogon ID:%t%t%9%n%nMember:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%1%n%nGroup:%n%tSecurity ID:%t%t%5%n%tGroup Name:%t%t%3%n%tGroup Domain:%t%t%4%n%nAdditional Information:%n%tPrivileges:%t%t%10
0xB0001405A request was submitted to OCSP Responder Service. A request was submitted to OCSP Responder Service.
0xB0001414A network share object was accessed.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tSource Address:%t%t%5%n%tSource Port:%t%t%6%n%t%nShare Name:%t%t%t%7 A network share object was accessed.%n%t%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nNetwork Information:%t%n%tSource Address:%t%t%5%n%tSource Port:%t%t%6%n%t%nShare Name:%t%t%t%7
0xB000154BAn IPsec quick mode security association was established.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address Mask:%t%6%n%tPort:%t%t%t%7%n%tPrivate Address:%t%t%8%n%tTunnel Endpoint:%t%t%9%n%n%tProtocol:%t%t%10%n%tKeying Module Name:%t%11%n%nCryptographic Information:%n%tIntegrity Algorithm - AH:%t%12%n%tIntegrity Algorithm - ESP:%t%13%n%tEncryption Algorithm:%t%14%n%nSecurity Association Information:%n%tLifetime - seconds:%t%15%n%tLifetime - data:%t%t%16%n%tLifetime - packets:%t%17%n%tMode:%t%t%t%18%n%tRole:%t%t%t%19%n%tQuick Mode Filter ID:%t%20%n%tMain Mode SA ID:%t%21%n%tQuick Mode SA ID:%t%22%n%nAdditional Information:%n%tInbound SPI:%t%t%23%n%tOutbound SPI:%t%t%24 An IPsec quick mode security association was established.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tNetwork Address mask:%t%2%n%tPort:%t%t%t%3%n%tTunnel Endpoint:%t%t%4%n%nRemote Endpoint:%n%tNetwork Address:%t%5%n%tNetwork Address Mask:%t%6%n%tPort:%t%t%t%7%n%tPrivate Address:%t%t%8%n%tTunnel Endpoint:%t%t%9%n%n%tProtocol:%t%t%10%n%tKeying Module Name:%t%11%n%nCryptographic Information:%n%tIntegrity Algorithm - AH:%t%12%n%tIntegrity Algorithm - ESP:%t%13%n%tEncryption Algorithm:%t%14%n%nSecurity Association Information:%n%tLifetime - seconds:%t%15%n%tLifetime - data:%t%t%16%n%tLifetime - packets:%t%17%n%tMode:%t%t%t%18%n%tRole:%t%t%t%19%n%tQuick Mode Filter ID:%t%20%n%tMain Mode SA ID:%t%21%n%tQuick Mode SA ID:%t%22%n%nAdditional Information:%n%tInbound SPI:%t%t%23%n%tOutbound SPI:%t%t%24
0xB000154CAn IPsec quick mode security association ended.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tPort:%t%t%t%2%n%tTunnel Endpoint:%t%t%3%n%nRemote Endpoint:%n%tNetwork Address:%t%4%n%tPort:%t%t%t%5%n%tTunnel Endpoint:%t%t%6%n%nAdditional Information:%n%tProtocol:%t%t%7%n%tQuick Mode SA ID:%t%8 An IPsec quick mode security association ended.%n%t%nLocal Endpoint:%n%tNetwork Address:%t%1%n%tPort:%t%t%t%2%n%tTunnel Endpoint:%t%t%3%n%nRemote Endpoint:%n%tNetwork Address:%t%4%n%tPort:%t%t%t%5%n%tTunnel Endpoint:%t%t%6%n%nAdditional Information:%n%tProtocol:%t%t%7%n%tQuick Mode SA ID:%t%8
0xB0001600A request was made to authenticate to a wireless network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nNetwork Information:%n%tName (SSID):%t%t%1%n%tInterface GUID:%t%t%8%n%tLocal MAC Address:%t%7%n%tPeer MAC Address:%t%6%n%nAdditional Information:%n%tReason Code:%t%t%10 (%9)%n%tError Code:%t%t%11 A request was made to authenticate to a wireless network.%n%nSubject:%n%tSecurity ID:%t%t%2%n%tAccount Name:%t%t%3%n%tAccount Domain:%t%t%4%n%tLogon ID:%t%t%5%n%nNetwork Information:%n%tName (SSID):%t%t%1%n%tInterface GUID:%t%t%8%n%tLocal MAC Address:%t%7%n%tPeer MAC Address:%t%6%n%nAdditional Information:%n%tReason Code:%t%t%10 (%9)%n%tError Code:%t%t%11
0xB0001880Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tProxy Policy Name:%t%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tSession Identifier:%t%t%t%26%n Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tProxy Policy Name:%t%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tSession Identifier:%t%t%t%26%n
0xB0001881Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tProxy Policy Name:%t%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tProxy Policy Name:%t%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n
0xB0001882Network Policy Server discarded the request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n Network Policy Server discarded the request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n
0xB0001883Network Policy Server discarded the accounting request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n Network Policy Server discarded the accounting request for a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n
0xB0001910A new external device was recognized by the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nClass ID:%t%t%5%n%nVendor IDs:%t%6%n%nCompatible IDs:%t%7%n%nLocation Information:%t%8 A new external device was recognized by the system.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nClass ID:%t%t%5%n%nVendor IDs:%t%6%n%nCompatible IDs:%t%7%n%nLocation Information:%t%8
0xB0011210An account was successfully logged on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nImpersonation Level:%t%t%21%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%tLogon GUID:%t%t%13%n%nProcess Information:%n%tProcess ID:%t%t%17%n%tProcess Name:%t%t%18%n%nNetwork Information:%n%tWorkstation Name:%t%12%n%tSource Network Address:%t%19%n%tSource Port:%t%t%20%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%10%n%tAuthentication Package:%t%11%n%tTransited Services:%t%14%n%tPackage Name (NTLM only):%t%15%n%tKey Length:%t%t%16%n%nThis event is generated when a logon session is created. It is generated on the computer that was accessed.%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. An account was successfully logged on.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nLogon Type:%t%t%t%9%n%nImpersonation Level:%t%t%21%n%nNew Logon:%n%tSecurity ID:%t%t%5%n%tAccount Name:%t%t%6%n%tAccount Domain:%t%t%7%n%tLogon ID:%t%t%8%n%tLogon GUID:%t%t%13%n%nProcess Information:%n%tProcess ID:%t%t%17%n%tProcess Name:%t%t%18%n%nNetwork Information:%n%tWorkstation Name:%t%12%n%tSource Network Address:%t%19%n%tSource Port:%t%t%20%n%nDetailed Authentication Information:%n%tLogon Process:%t%t%10%n%tAuthentication Package:%t%11%n%tTransited Services:%t%14%n%tPackage Name (NTLM only):%t%15%n%tKey Length:%t%t%16%n%nThis event is generated when a logon session is created. It is generated on the computer that was accessed.%n%nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.%n%nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).%n%nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.%n%nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.%n%nThe impersonation level field indicates the extent to which a process in the logon session can impersonate.%n%nThe authentication information fields provide detailed information about this specific logon request.%n%t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.%n%t- Transited services indicate which intermediate services have participated in this logon request.%n%t- Package name indicates which sub-protocol was used among the NTLM protocols.%n%t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
0xB0011250A new process has been created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6%n%tToken Elevation Type:%t%7%n%tCreator Process ID:%t%8%n%tProcess Command Line:%t%9%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. A new process has been created.%n%nSubject:%n%tSecurity ID:%t%t%1%n%tAccount Name:%t%t%2%n%tAccount Domain:%t%t%3%n%tLogon ID:%t%t%4%n%nProcess Information:%n%tNew Process ID:%t%t%5%n%tNew Process Name:%t%6%n%tToken Elevation Type:%t%7%n%tCreator Process ID:%t%8%n%tProcess Command Line:%t%9%n%nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.%n%nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.%n%nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.%n%nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
0xB0011880Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tLogging Results:%t%t%t%27%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tSession Identifier:%t%t%t%26%n Network Policy Server granted access to a user.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tLogging Results:%t%t%t%27%n%nQuarantine Information:%n%tResult:%t%t%t%t%25%n%tSession Identifier:%t%t%t%26%n
0xB0011881 Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tLogging Results:%t%t%t%27%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n Network Policy Server denied access to a user.%n%nContact the Network Policy Server administrator for more information.%n%nUser:%n%tSecurity ID:%t%t%t%1%n%tAccount Name:%t%t%t%2%n%tAccount Domain:%t%t%t%3%n%tFully Qualified Account Name:%t%4%n%nClient Machine:%n%tSecurity ID:%t%t%t%5%n%tAccount Name:%t%t%t%6%n%tFully Qualified Account Name:%t%7%n%tOS-Version:%t%t%t%8%n%tCalled Station Identifier:%t%t%9%n%tCalling Station Identifier:%t%t%10%n%nNAS:%n%tNAS IPv4 Address:%t%t%11%n%tNAS IPv6 Address:%t%t%12%n%tNAS Identifier:%t%t%t%13%n%tNAS Port-Type:%t%t%t%14%n%tNAS Port:%t%t%t%15%n%nRADIUS Client:%n%tClient Friendly Name:%t%t%16%n%tClient IP Address:%t%t%t%17%n%nAuthentication Details:%n%tConnection Request Policy Name:%t%18%n%tNetwork Policy Name:%t%t%19%n%tAuthentication Provider:%t%t%20%n%tAuthentication Server:%t%t%21%n%tAuthentication Type:%t%t%22%n%tEAP Type:%t%t%t%23%n%tAccount Session Identifier:%t%t%24%n%tLogging Results:%t%t%t%27%n%tReason Code:%t%t%t%25%n%tReason:%t%t%t%t%26%n

EXIF

File Name: adtschema.dll.mui
Directory: %WINDIR%\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.15063.0_en-us_6b197d2c92ab2035\
File Size: 297 kB
File Permissions: rw-rw-rw-
File Type: Win32 DLL
File Type Extension: dll
MIME Type: application/octet-stream
Machine Type: Intel 386 or later, and compatibles
Time Stamp: 0000:00:00 00:00:00
PE Type: PE32
Linker Version: 14.10
Code Size: 0
Initialized Data Size: 303616
Uninitialized Data Size: 0
Entry Point: 0x0000
OS Version: 10.0
Image Version: 10.0
Subsystem Version: 6.0
Subsystem: Windows GUI
File Version Number: 10.0.15063.0
Product Version Number: 10.0.15063.0
File Flags Mask: 0x003f
File Flags: (none)
File OS: Windows NT 32-bit
Object File Type: Dynamic link library
File Subtype: 0
Language Code: English (U.S.)
Character Set: Unicode
Company Name: Microsoft Corporation
File Description: Security Audit Schema DLL
File Version: 10.0.15063.0 (WinBuild.160101.0800)
Internal Name: adtschema.dll
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original File Name: adtschema.dll.mui
Product Name: Microsoft® Windows® Operating System
Product Version: 10.0.15063.0
Directory: %WINDIR%\WinSxS\wow64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.15063.0_en-us_756e277ec70be230\

What is adtschema.dll.mui?

adtschema.dll.mui is a Multilingual User Interface resource file that contains the English (U.S.) language resources for the file adtschema.dll (Security Audit Schema DLL).

File version info

File Description: Security Audit Schema DLL
File Version: 10.0.15063.0 (WinBuild.160101.0800)
Company Name: Microsoft Corporation
Internal Name: adtschema.dll
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: adtschema.dll.mui
Product Name: Microsoft® Windows® Operating System
Product Version: 10.0.15063.0
Translation: 0x409, 1200