Based on the ID below, it helps us quickly identify the security events generated by the Microsoft® Windows Server 2003 operating system, which means what happened.
I. Account Login Event
The following shows the security events generated by the “Auditing Account Login Event&Security; security template settings.
672: The authentication service (AS) ticket has been successfully issued and verified.
673: The Authorized Ticket Service (TGS) ticket is authorized. TGS is a ticket issued by the Kerberos v5 Ticket Authorization Service (TGS) that allows users to authenticate specific services in the domain.
674: The security principal has updated the AS ticket or TGS ticket.
675: Pre-authentication failed. The Key Distribution Center (KDC) generates this event when the user types the wrong password.
676: The authentication ticket request failed. This event is not generated in members of the Windows XP Professional or Windows Server family.
677: The TGS ticket is not authorized. This event is not generated in members of the Windows XP Professional or Windows Server family.
678: The account has been successfully mapped to a domain account.
681: Login failed. Try a domain account login. This event is not generated in members of the Windows XP Professional or Windows Server family.
682: The user has reconnected to a disconnected terminal server session.
683: The user disconnects the terminal server session without logging out.
Second, Account Management Events
The following shows the security events generated by the "Audit Account Management" security template settings.
624: User account has been created.
627: User password has been changed.
628: The user password has been set.
630: User account has been deleted.
631: The global group has been created.
632: Members have been added to the global group.
633: The member has been removed from the global group.
634: The global group has been deleted.
635: A new local group has been created.
636: Members have been added to the local group.
637: The member has been removed from the local group.
638: The local group has been deleted.
639: The local group account has been changed.
641: The global group account has been changed.
642: User account has been changed.
643: The domain policy has been modified.
644: User accounts are automatically locked.
645: The computer account has been created.
646: The computer account has been changed.
647: The computer account has been deleted.
648: Disabled security local security group has been created.
Note:
From the official name, SECURITY_DISABLED means that the group cannot be used to authorize access checks.
649: Disabled security local security groups have changed.
650: Members have been added to a security-free local security group.
651: Members have been removed from the security-secured local security group.
652: Disabled security local groups have been deleted.
653: Disabled security global group has been created.
654: Disabled security global groups have changed.
655: Members have been added to a global group with security disabled.
656: The member has been removed from the global group with security disabled.
657: Disabled security global groups have been removed.
658: A universal group with security enabled has been created.
659: The universal group with security enabled has changed.
660: Members have been added to the universal group with security enabled.
661: Members have been removed from the security-enabled universal group.
662: The universal group with security enabled has been removed.
663: Disabled security universal group has been created.
664: Disabled security universal groups have changed.
665: Members have been added to the universal group with security disabled.
666: Members have been removed from the universal group with security disabled.
667: The disabled universal group has been removed.
668: The group type has changed.
684: The security descriptor for the management group member has been set.
Note:
On a domain controller, every 60 minutes, the background thread searches for and applies to all members of the management group (such as domain, enterprise, and schema administrators) A fixed security descriptor. The event has been logged.
685: The account name has been changed.
The school computer room recently upgraded the system to Windows 2003. In order to strengthen manage
This document applies to the installation, configuration, and use of MongoDB 2.0.1 on Windows 2003.
In the LAN working environment, network administrators often manage remotely through remote desktops
For security reasons, it is not allowed to ping the external command on Windows Server 2008. If you
Several common faults in Windows Server 2003
SNMP service network security in Win2003
Simple setup speeds up Windows 2003 shutdown speed
How to achieve network sharing restore in Win2003
Windows Server 2008 R2 cannot connect to wireless network issues
Windows2003 network server security Raiders
Win2000 shutdown display save settings but can not shut down
Easy to implement infrared communication support in Windows 2003
Windows 2008 system how to cancel Ctrl+Alt+Delete key combination login
Win2008 Remote Desktop Connection Performance Optimization Five Cheats
How do I create a logical volume management (LVM) partition using kickstart?
Using Word 2003 to make it easy for you to read the document
Teach you to clean the Win7 system disk to move the user folder
Win10 finds the input method icon and language bar method
Win10 taskbar transparent setting method tutorial
Microsoft Windows operating system has become smart
Windows Defender win8 can not be closed under the solution