Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
Recovery of data protection master key.
Key Identifier: <value>
Recovery Reason: <value>
Recovery Server: <value>
Recovery Key ID: <value>
Failure Reason: <value>.
|English: Request a translation of the event description in plain English.|
As per Microsoft: "A key that is used by the Data Protection application programming interface (DPAPI) is being recovered. Because the DPAPI keys are backed up on Active Directory, the computer can automatically recover a key when necessary. This message is logged for informational purposes only. It usually follows a Security 596 message, which indicates that the DPAPI key was backed up. There may be a period of days or weeks between the messages". See MSW2KDB for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated