Windows 2000 安全事件说明(共 2 部分,第 1 部分)

文章翻译 文章翻译
文章编号: 299475 - 查看本文应用于的产品
本文的发布号曾为 CHS299475
展开全部 | 关闭全部

概要

本文包含各种与安全和审核有关的事件的说明,以及有关如何解释这些事件的信息。这些事件均出现在安全事件日志中,并使用"安全性"来源进行记录。以下 Microsoft 知识库文章为第 2 部分(共 2 部分)
301677 Windows 2000 Security Event Descriptions (Part 2 of 2)(Windows 2000 安全事件说明(第 2 部分,共 2 部分))

更多信息

Event ID:512 (0x0200)
Type:Success Audit
Description:Windows NT is starting up.
Event ID:513 (0x0201)
Type:Success Audit
Description:Windows NT is shutting down.
All logon sessions will be terminated by this shutdown.
Event ID:514 (0x0202)
Type:Success Audit
Description:An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.
Authentication Package: %1
Event ID:515 (0x0203)
Type:Success Audit
Description:A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.
Logon Process Name: %1
Event ID:516 (0x0204)

Type:Success Audit
Description:Internal resources allocated for the queuing of audit messages have been
exhausted, leading to the loss of some audits.
Number of audit messages discarded: %1
Event ID:517 (0x0205)
Type:Success Audit
Description:The audit log was cleared
Primary User Name:%1     Primary Domain:   %2
Primary Logon ID:%3     Client User Name: %4
Client Domain:%5     Client Logon ID:  %6
Event ID:518 (0x0206)
Type:Success Audit
Description:An notification package has been loaded by the Security Account Manager.
This package will be notified of any account or password changes.
Notification Package Name: %1
Event ID:528 (0x0210)
Type:Success Audit
Description:Successful Logon:
User Name:%1             Domain: %2
Logon ID:%3              Logon Type: %4
Logon Process:%5         Authentication Package: %6
Workstation Name: %7
Event ID:529 (0x0211)
Type:Failure Audit
Description:Logon Failure
Reason:unknown user name or bad password.
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6
Event ID:530 (0x0212)
Type:Failure Audit
Description:Logon Failure
Reason:Account logon time restriction violation
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6
Event ID:531 (0x0213)
Type:Failure Audit
Description:Logon Failure
Reason:Account currently disabled
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6
Event ID:532 (0x0214)
Type:Failure Audit
Description:Logon Failure
Reason:The specified user account has expired
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:533 (0x0215)
Type:Failure Audit
Description:Logon Failure
Reason:User not allowed to logon at this computer
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:534 (0x0216)
Type:Failure Audit
Description:Logon Failure
Reason:The user has not been granted the requested 
logon type at this machine
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:535 (0x0217)
Type:Failure Audit
Description:Logon Failure
Reason:The specified account's password has expired
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:536 (0x0218)
Type:Failure Audit
Description:Logon Failure
Reason:The NetLogon component is not active
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:537 (0x0219)
Type:Failure Audit
Description:Logon Failure
Reason:An unexpected error occurred during logon
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:538 (0x021A)
Type:Success Audit
Description:User Logoff
User Name:%1             Domain: %2
Logon ID:%3              Logon Type: %4.
Event ID:539 (0x021B)
Type:Failure Audit
Description:Logon Failure
Reason:Account locked out
User Name:%1             Domain: %2
Logon Type:%3             Logon Process: %4
Authentication Package:%5 Workstation Name: %6 
Event ID:540 (0x021c)
Type:Success Audit
Description:Successful Network Logon
User Name:%1             Domain: %2
Logon ID:%3              Logon Type: %4
Logon Process:%5         Authentication Package: %6
Workstation Name: %7
Event ID:541 (0x021d)
Type:Success Audit
Description:IKE security association ended.
Mode:Peer Identity: %2
Filter:%3                 Parameters: %4
Event ID:542 (0x021e)
Type:Success Audit
Description:IKE security association ended.
Mode:Data Protection (Quick mode)
Filter:%1                 Inbound SPI: %2
Outbound SPI: %3
Event ID:543 (0x021f)
Type:Success Audit
Description:IKE security association ended.
Mode:Key Exchange (Main mode)
Filter: %1
Event ID:544 (0x0220)
Type:Failure Audit
Description:IKE security association establishment failed because peer could not
authenticate.The certificate trust could not be established.
Peer Identity:%1          Filter: %2
Event ID:545 (0x0221)
Type:Failure Audit
Description:IKE peer authentication failed.
Peer Identity:%1          Filter: %2
Event ID:546 (0x0222)
Type:Failure Audit
Description:IKE security association establishment failed because peer
sent invalid proposal.
Mode:%1          Filter: %2
Attribute:%3              Expected value: %4
Received value: %5
Event ID:547 (0x0223)
Type:Failure Audit
Description:IKE security association negotiation failed.
Mode:%1          Filter: %2
Failure Point:%3          Failure Reason: %4
Event ID:560 (0x0230)
Type:Success Audit
Description:Object Open
Object Server:%1          Object Type: %2
Object Name:%3            New Handle ID: %4
Operation ID:{%5,%6}       Process ID: %7
Primary User Name:%8     Primary Domain: %9
Primary Logon ID:%10     Client User Name: %11
Client Domain:%12     Client Logon ID: %13
Accesses %14               Privileges %15
Event ID:561 (0x0231)
Type:Success Audit
Description:Handle Allocated
Handle ID:%1              Operation ID:{%2,%3}
Process ID: %4
Event ID:562 (0x0232)
Type:Success Audit
Description:Handle Closed
Object Server:%1          Handle ID: %2
Process ID: %3
Event ID:563 (0x0233)
Type:Success Audit
Description:Object Open for Delete
Object Server:%1          Object Type: %2
Object Name:%3            New Handle ID: %4
Operation ID:{%5,%6}       Process ID: %7
Primary User Name:%8     Primary Domain: %9
Primary Logon ID:%10     Client User Name: %11
Client Domain:%12     Client Logon ID: %13
Accesses %14               Privileges %15
Event ID:564 (0x0234)
Type:Success Audit
Description:Object Deleted
Object Server:%1          Handle ID: %2
Process ID: %3
Event ID:565 (0x0235)
Type:Success Audit
Description:Object Open
Object Server:%1          Object Type: %2
Object Name:%3            New Handle ID: %4
Operation ID:{%5,%6}       Process ID: %7
Primary User Name:%8     Primary Domain: %9
Primary Logon ID:%10     Client User Name: %11
Client Domain:%12     Client Logon ID: %13
Accesses %14               Privileges %15
Properties:%16%17%18%19%20%21%22%23%24%25
Event ID:566 (0x0236)
Type:Success Audit
Description:Object Operation
Operation Type %1          Object Type: %2
Object Name:%3          Handle ID: %4
Operation ID:{%5,%6}       Process ID: %7
Primary Domain:%8         Primary Logon ID: %9
Client User Name:%10      Client Domain: %11
Client Logon ID:%12       Requested Accesses %13
Event ID:576 (0x0240)
Type:Success Audit
Description:Special privileges assigned to new logon:
User Name:%1             Domain: %2
Logon ID:%3               Assigned: %4
Event ID:577 (0x0241)
Type:Success Audit
Description:Privileged Service Called
Server:%1                 Service: %2
Primary User Name:%3     Primary Domain: %4
Primary Logon ID:%5     Client User Name: %6
Client Domain:%7     Client Logon ID: %8
Privileges: %9 
Event ID:578 (0x0242)
Type:Success Audit
Description:Privileged object operation
Object Server:%1          Object Type: %2
Process ID:%3             Primary User Name: %4
Primary Domain:%5         Primary Logon ID: %6
Client User Name:%7      Client Domain: %8
Client Logon ID:%9        Privileges: %10
Event ID:592 (0x0250)
Type:Success Audit
Description:A new process has been created
Process ID:%1         Image File Name: %2
Process ID:%3     User Name: %4
Domain:%5                 Logon ID: %6
Event ID:593 (0x0251)
Type:Success Audit
Description:A process has exited
Process ID:%1     User Name: %2
Domain:%3                 Logon ID: %4
Event ID:594 (0x0252)
Type:Success Audit
Description:A handle to an object has been duplicated
Source Handle ID:%1       Source Process ID: %2
Target Account ID:%3    Target Account ID: %4
Event ID:595 (0x0253)
Type:Success Audit
Description:Indirect access to an object has been obtained
Object Type:%1          Object Type: %2
Process ID:%3             Primary User Name: %4
Primary Domain:%5         Primary Logon ID: %6
Client User Name:%7      Client Domain: %8
Client Logon ID:%9        Accesses: %10

属性

文章编号: 299475 - 最后修改: 2003年10月24日 - 修订: 1.4
这篇文章中的信息适用于:
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Service Pack 2
关键字:?
kbinfo kbtool KB299475
Microsoft和/或其各供应商对于为任何目的而在本服务器上发布的文件及有关图形所含信息的适用性,不作任何声明。 所有该等文件及有关图形均"依样"提供,而不带任何性质的保证。Microsoft和/或其各供应商特此声明,对所有与该等信息有关的保证和条件不负任何责任,该等保证和条件包括关于适销性、符合特定用途、所有权和非侵权的所有默示保证和条件。在任何情况下,在由于使用或运行本服务器上的信息所引起的或与该等使用或运行有关的诉讼中,Microsoft和/或其各供应商就因丧失使用、数据或利润所导致的任何特别的、间接的、衍生性的损害或任何因使用而丧失所导致的之损害、数据或利润不负任何责任。

提供反馈

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com