![]() The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Note A security identifier (SID) is a unique value of variable length used to identify a trustee (security principal). If the SID cannot be resolved, you will see the source data in the event. Event Viewer automatically tries to resolve SIDs and show the account name. Security ID : SID of account that requested the “change/update scheduled task” operation.Minimum OS Version: Windows Server 2008, Windows Vista. Windows 10 Versions 1903 and above augments the event with these additional properties: T19:03:06.9258653 CONTOSO\\dadmin HighestAvailable CONTOSO\\dadmin InteractiveToken IgnoreNew true true true false false true false true true false false false P3D 7 C:\\Documents\\listener.exe Note For recommendations, see Security Monitoring Recommendations for this event. This event generates every time scheduled task was updated/changed. Subcategory: Audit Other Object Access Events
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |