# Event Codes [Ultimate Windows Security Encyclopedia](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/) {% file src="" %} | Type | Event ID | | :--------------------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------: | | New Process Created | [4688](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4688) | | User Account Created | [4720](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4720) | | User Account Enabled | [4722](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4722) | | Attempts to reset accounts password | [4724](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4724) | | Delete User | [4726](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4726) | | User added to a security-enabled **global** group | [4728](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4728) | | User added to a security-enabled **local** group | [4732](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4732) | | Clear Event Log | [1102](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=1102) | | Logon Success | [4624](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624) (Logon Type 3, 10) | | Logon Failed | [4625](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625) (Logon Type 3, 10) | | A service was installed in the system | [4697](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4697) | | User Account locked out | [4740](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740) | | User Account Unlocked | [4767](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4767) | | Terminal Service Session Reconnected | [4778](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4778) | | Terminal Service Session Reconnected | [4779](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4779) | | User Initiated Logoff | [4647](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4647) | | Object Permission Changed | [4670](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4670) | | NTLM over kerberos (DC attempted to validate the credentials for an account) | [4776](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4776) | | An attempt was made to access an object | [4663](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4663) | | A handle to an object was requested with intent to delete | [4659](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4659) | | An object was deleted | [4660](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4660) | | Disable Firewall | 2003 | | Create Services | 7030, 7045 | | Applocker | 8003, 8004, 8006, 8007 | | Service Terminated Unexpectedly | 7034 | | Service Start Type Change (disabled, manual, automatic) | 7040 | | Service Start / Stop | 7036 | | DC sync based activity | 4662 | | Insert USB |

7045
10000, 10001, 10100
20001, 20001, 20003
24576, 24577, 24579

|