Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
Kerberos Policy Changed: Changed By: User Name: APPSERVER$ Domain Name: ALTDOMAIN Logon ID: (0x0,0x3E7) Changes made: ('--' means no changes, otherwise each change is shown as: : ()) KerLogoff: 0x7683cd1a014ef8b0 (0x7683cd1a0152f8b0);
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is Kerberos?
ME272460 gives information about Event ID 617 in the Security event log.
This event is generated after a change on Security Policies for Windows 2000 Active Directory. See ME174074 and ME255295 for more details.
Also see ME279156. When a wrong file system policy is applied, the ACL on files in the sysvol can be changed, and shows as a GPO change.
|Private comment: Subscribers only. See example of private comment|
|Links: ME174074, ME255295, ME272460, Online Analysis of Security Event Log|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated