Event Codes

Windows Common/Useful Event Codes

Ultimate Windows Security Encyclopedia

TypeEvent ID

New Process Created

User Account Created

User Account Enabled

Attempts to reset accounts password

Delete User

User added to a security-enabled global group

User added to a security-enabled local group

Clear Event Log

Logon Success

4624 (Logon Type 3, 10)

Logon Failed

4625 (Logon Type 3, 10)

A service was installed in the system

User Account locked out

User Account Unlocked

Terminal Service Session Reconnected

Terminal Service Session Reconnected

User Initiated Logoff

Object Permission Changed

NTLM over kerberos (DC attempted to validate the credentials for an account)

An attempt was made to access an object

A handle to an object was requested with intent to delete

An object was deleted

Disable Firewall

2003

Create Services

7030, 7045

Applocker

8003, 8004, 8006, 8007

Service Terminated Unexpectedly

7034

Service Start Type Change (disabled, manual, automatic)

7040

Service Start / Stop

7036

DC sync based activity

4662

Insert USB

7045 10000, 10001, 10100 20001, 20001, 20003 24576, 24577, 24579

Last updated