Often floating on the Internet, how can you not slash? This is a vivid portrayal of the status quo of computer security for netizens. Even if it is a technical expert who is good at self-protection, it will inevitably be infected with viruses or Trojans. Not to mention the white netizens, how to protect computer security has become a matter of great concern to all netizens. To this end, today we will explain the Windows Server 2003 security event ID analysis, and hope to help us quickly identify the security events generated by the Microsoft? Windows Server 2003 operating system, which means what happened.
I. Account Login Event
The following shows the security events generated by the “Auditing Account Login Event&Security; security template settings.
672: The authentication service (AS) ticket has been successfully issued and verified.
673: The Authorized Ticket Service (TGS) ticket is authorized. TGS is a ticket issued by the Kerberos v5 Ticket Authorization Service (TGS) that allows users to authenticate specific services in the domain.
674: The security principal has updated the AS ticket or TGS ticket.
675: Pre-authentication failed. The Key Distribution Center (KDC) generates this event when the user types the wrong password.
676: The authentication ticket request failed. This event is not generated in members of the Windows XP Professional or Windows Server family.
677: The TGS ticket is not authorized. This event is not generated in members of the Windows XP Professional or Windows Server family.
678: The account has been successfully mapped to a domain account.
681: Login failed. Try a domain account login. This event is not generated in members of the Windows XP Professional or Windows Server family.
682: The user has reconnected to a disconnected terminal server session.
683: The user disconnects the terminal server session without logging out.
Second, Account Management Events
The following shows the security events generated by the "Audit Account Management" security template settings.
624: User account has been created.
627: User password has been changed.
628: The user password has been set.
630: User account has been deleted.
631: The global group has been created.
632: Members have been added to the global group.
633: The member has been removed from the global group.
634: The global group has been deleted.
635: A new local group has been created.
636: Members have been added to the local group.
637: The member has been removed from the local group.
638: The local group has been deleted.
639: The local group account has been changed.
641: The global group account has been changed.
642: User account has been changed.
643: The domain policy has been modified.
644: User accounts are automatically locked.
645: The computer account has been created.
646: The computer account has been changed.
647: The computer account has been deleted.
648: Disabled security local security group has been created.
Note:
From the official name, SECURITY_DISABLED means that the group cannot be used to authorize access checks.
649: Disabled security local security groups have changed.
650: Members have been added to a security-free local security group.
651: Members have been removed from the security-secured local security group.
652: Disabled security local groups have been deleted.
653: Disabled security global group has been created.
654: Disabled security global groups have changed.
655: Members have been added to a global group with security disabled.
656: The member has been removed from the global group with security disabled.
657: Disabled security global groups have been removed.
658: A universal group with security enabled has been created.
659: The universal group with security enabled has changed.
660: Members have been added to the security-enabled universal group.
661: Members have been removed from the security-enabled universal group.
662: The universal group with security enabled has been removed.
663: Disabled security universal group has been created.
664: Disabled security universal groups have changed.
665: Members have been added to the universal group with security disabled.
666: Members have been removed from the universal group with security disabled.
667: The disabled universal group has been removed.
668: The group type has changed.
684: The security descriptor for the management group member has been set.
Note:
On a domain controller, every 60 minutes, the background thread searches for and applies to all members of the management group (such as domain, enterprise, and schema administrators) A fixed security descriptor. The event has been logged.
685: The account name has been changed. Previous1234Next page Total 4 pages
In the win2003 system, the most likely use is remote operation, and many users about remote operatio
Windows Server 2003 is Microsofts server operating system for building and storing web applications,
If you are an avid multimedia enthusiast, you may be disappointed with your new Win
Using NAT to achieve network sharing This is a method that many enterprises are keen on. Windows 200
Four major failures and solutions under Windows2003
Easily implement network sharing restore in Win 2003
Break win2003 Blue Screen of Death failures of small Raiders
Win2003 to eliminate illegal application access methods
Master responds to win2003 terminal failure measures
Win2003 graphic file server installation steps
Teach you to easily set the Win 2003 domain controller password
Cheats taught! win2003VPN configuration steps
How to make a simple win2003 quick login system
Win 2003 Shared Resource Prompt Denies Access to Troubleshooting Process
Windows Server Management Tips Summary
Explain that win2003 Terminal Services is connected to and implicitly using
The difference and role of deleting files and shredding files
How to use the Win10 application connector
Win10 uses Win7/Win8.1 desktop background setting window graphic method
Win10 Technology Preview New Keyboard Keys
Set Win7 permissions so that the browser can only access the specified webpage
How to open Win10's local security policy? Two Win10 security policy settings open method diagram
How to add local weather alerts to Win10 Cortana to quickly know the weather information
Fax machine troubleshooting method in Vista
Win7 System Hidden Folders Tutorial
What happens when Win10 installs the driver with a blue screen error cmudaxp.sys?