KnowledgeBase Event Repository

This site is the central interface to the Adiscon Event Repository

  • Details for this entry
  • Eventlog Type: Security
    Eventlog Source: Security
    Event ID: 612
    Full Description: An audit policy was changed.
    Parameter Description:
    Audit Policy Change:%n
    New Policy:%n
    %tSuccess%tFailure%n
    %t %3%t %4%tLogon/Logoff%n
    %t %5%t %6%tObject Access%n
    %t %7%t %8%tPrivilege Use%n
    %t %13%t %14%tAccount Management%n
    %t %11%t %12%tPolicy Change%n
    %t %1%t %2%tSystem%n
    %t %9%t %10%tDetailed Tracking%n
    %t %15%t %16%tDirectory Service Access%n
    %t %17%t %18%tAccount Logon%n%n
    Changed By:%n
    %tUser Name:%t%19%n
    %tDomain Name:%t%20%n
    %tLogon ID:%t%t%21
    More Information:
    Cause

    This can be a result of Group Policy obtained from Active Directory or from Local Computer Policy that is configured on the computer. The details of the audit policy change are described in the event message.

    This message does not necessarily indicate a problem. However, an attacker may change audit policy as part of a system attack. If successful, an attacker can disable auditing during their attacks and thereby destroy part of the evidence of the attack.

    Resolution
    • Verify that the audit policy change is authorized. If it is an authorized change, no user action is required.
    • If the change is unauthorized, identify the attack and attacker to mitigate the threat.
  • Software Vendor: Microsoft
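
The check described under Resolution can be partly automated. The following is an added example, not code from Adiscon or Microsoft: it maps the 21 message parameters to audit categories using the template above and reports which settings a change switched off, and by whom. It assumes the parameters arrive as an ordered list, that an enabled setting is rendered as "+" and a disabled one as "-", and that event 612 is itself recorded under the Policy Change category; the sample values are constructed.

```python
# Category -> (Success %n, Failure %n), copied from the message template above.
CATEGORIES = {
    "Logon/Logoff": (3, 4), "Object Access": (5, 6), "Privilege Use": (7, 8),
    "Account Management": (13, 14), "Policy Change": (11, 12), "System": (1, 2),
    "Detailed Tracking": (9, 10), "Directory Service Access": (15, 16),
    "Account Logon": (17, 18),
}
ENABLED = "+"  # assumption: an enabled setting is rendered "+", a disabled one "-"

def parse_612(params):
    """Turn the 21 insertion strings (%1..%21, in order) into a record."""
    if len(params) != 21:
        raise ValueError(f"event 612 carries 21 parameters, got {len(params)}")
    on = lambda n: params[n - 1].strip() == ENABLED
    return {
        "policy": {cat: {"Success": on(s), "Failure": on(f)}
                   for cat, (s, f) in CATEGORIES.items()},
        "changed_by": f"{params[19]}\\{params[18]}",  # %20 domain, %19 user
        "logon_id": params[20],                        # %21
    }

def reductions(before, after):
    """(category, kind) pairs that were audited before and are not now."""
    return [(cat, kind) for cat in CATEGORIES for kind in ("Success", "Failure")
            if before["policy"][cat][kind] and not after["policy"][cat][kind]]

def review(events):
    """Walk 612 events oldest first; one finding per event that reduces auditing."""
    findings, previous = [], None
    for params in events:
        current = parse_612(params)
        lost = reductions(previous, current) if previous else []
        if lost:
            findings.append({
                "changed_by": current["changed_by"],
                "logon_id": current["logon_id"],
                "lost": lost,
                # Assumption: 612 is itself a Policy Change audit, so losing
                # that category also hides later policy changes.
                "policy_change_off": any(c == "Policy Change" for c, _ in lost),
            })
        previous = current
    return findings

# Constructed sample parameters (not real log data): a baseline, then a change.
BASELINE = "+ + + + - - - - - - + + + + - - + +".split() + ["SYSTEM", "NT AUTHORITY", "(0x0,0x3E7)"]
CHANGED = "+ + - - - - - - - - - - + + - - + -".split() + ["jdoe", "EXAMPLE", "(0x0,0x1A2B3)"]

if __name__ == "__main__":
    for finding in review([BASELINE, CHANGED]):
        print(finding)
```

A finding is only a prompt for the authorization check in the Resolution steps; a Group Policy refresh can produce the same reduction legitimately.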

Discuss the Event

Discussion for KB Entry 72 - Event ID 612

by knowledgebase on Thu May 29, 2008 5:03 pm

This is the discussion thread for the Knowledge Base Entry 72

Eventlog Type: Security
Eventlog Source: Security
Event ID: 612

Short Description:
An audit policy was changed.


About the KnowledgeBase Event Repository

This is a repository of known Windows Events, hopefully together with a description of what each one means, when it appears and how to troubleshoot it. The event repository was initially provided as a tool for parser creation but has since evolved. It is now part of the overall knowledgebase in the hope that it provides a useful service to the community. Please add your comments and questions (which we try to answer), as this increases the event repository's usefulness for all of us.
