.png)
Audit Security Group Management
Updated: June 15, 2009
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting determines whether the operating system generates audit events when any of the following security group management tasks are performed:
-
A security group is created, changed, or deleted.
-
A member is added to or removed from a security group.
-
A group's type is changed.
Security groups can be used for access control permissions and also as distribution lists.
Event volume: Low
Default: Success
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
| Event ID | Event message |
|---|---|
|
4727 |
A security-enabled global group was created. |
|
4728 |
A member was added to a security-enabled global group. |
|
4729 |
A member was removed from a security-enabled global group. |
|
4730 |
A security-enabled global group was deleted. |
|
4731 |
A security-enabled local group was created. |
|
4732 |
A member was added to a security-enabled local group. |
|
4733 |
A member was removed from a security-enabled local group. |
|
4734 |
A security-enabled local group was deleted. |
|
4735 |
A security-enabled local group was changed. |
|
4737 |
A security-enabled global group was changed. |
|
4754 |
A security-enabled universal group was created. |
|
4755 |
A security-enabled universal group was changed. |
|
4756 |
A member was added to a security-enabled universal group. |
|
4757 |
A member was removed from a security-enabled universal group. |
|
4758 |
A security-enabled universal group was deleted. |
|
4764 |
A group's type was changed. |
