Windows 2000 安全性事件說明 (步驟 1 之 2)

文章翻譯 文章翻譯
文章編號: 299475 - 檢視此文章適用的產品。
注意事項
這份文件適用於 Windows 2000。Windows 2000 支援的結束 2010 7 月 13,Windows 2000 End-of-Support Solution Center 是規劃您的遷移策略,從 Windows 2000 的起點。如需詳細資訊請參閱 Microsoft Support Lifecycle Policy]。
全部展開 | 全部摺疊

結論

本文包含各種安全性相關,且相關的稽核事件以及如何解譯這些事件的相關資訊的說明。這些事件所有會出現在安全性事件記錄檔,並且將會記錄與來源的安全性。下列的文件 「 Microsoft 知識庫 」 中是二之二:
301677Windows 2000 安全性事件說明 (步驟 2 之 2)

其他相關資訊

   Event ID: 512 (0x0200)
       Type: Success Audit
Description: Windows NT is starting up.
				
   Event ID: 513 (0x0201)
       Type: Success Audit
Description: Windows NT is shutting down.
             All logon sessions will be terminated by this shutdown.
				
   Event ID: 514 (0x0202)
       Type: Success Audit
Description: An authentication package has been loaded by the Local Security Authority.
             This authentication package will be used to authenticate logon attempts.
             Authentication Package Name: %1
				
   Event ID: 515 (0x0203)
       Type: Success Audit
Description: A trusted logon process has registered with the Local Security Authority.
             This logon process will be trusted to submit logon requests.
             Logon Process Name: %1
				
   Event ID: 516 (0x0204)

       Type: Success Audit
Description: Internal resources allocated for the queuing of audit messages have been
             exhausted, leading to the loss of some audits.
             Number of audit messages discarded: %1
				
   Event ID: 517 (0x0205)
       Type: Success Audit
Description: The audit log was cleared
             Primary User Name: %1     Primary Domain:   %2
             Primary Logon ID:  %3     Client User Name: %4
             Client Domain:     %5     Client Logon ID:  %6
				
   Event ID: 518 (0x0206)
       Type: Success Audit
Description: An notification package has been loaded by the Security Account Manager.
             This package will be notified of any account or password changes.
             Notification Package Name: %1
				
   Event ID: 528 (0x0210)
       Type: Success Audit
Description: Successful Logon:
             User Name: %1             Domain: %2
             Logon ID: %3              Logon Type: %4
             Logon Process: %5         Authentication Package: %6
             Workstation Name: %7
				
   Event ID: 529 (0x0211)
       Type: Failure Audit
Description: Logon Failure
             Reason: Unknown user name or bad password
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6
				
   Event ID: 530 (0x0212)
       Type: Failure Audit
Description: Logon Failure
             Reason: Account logon time restriction violation
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6
				
   Event ID: 531 (0x0213)
       Type: Failure Audit
Description: Logon Failure
             Reason: Account currently disabled
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6
				
   Event ID: 532 (0x0214)
       Type: Failure Audit
Description: Logon Failure
             Reason: The specified user account has expired
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 533 (0x0215)
       Type: Failure Audit
Description: Logon Failure
             Reason: User not allowed to logon at this computer
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 534 (0x0216)
       Type: Failure Audit
Description: Logon Failure
             Reason:The user has not been granted the requested 
             logon type at this machine
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 535 (0x0217)
       Type: Failure Audit
Description: Logon Failure
             Reason: The specified account's password has expired
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 536 (0x0218)
       Type: Failure Audit
Description: Logon Failure
             Reason: The NetLogon component is not active
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 537 (0x0219)
       Type: Failure Audit
Description: Logon Failure
             Reason: An unexpected error occurred during logon
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 538 (0x021A)
       Type: Success Audit
Description: User Logoff
             User Name: %1              Domain: %2
             Logon ID: %3               Logon Type: %4.
				
   Event ID: 539 (0x021B)
       Type: Failure Audit
Description: Logon Failure
             Reason: Account locked out
             User Name: %1              Domain: %2
             Logon Type: %3             Logon Process: %4
             Authentication Package: %5 Workstation Name: %6 
				
   Event ID: 540 (0x021c)
       Type: Success Audit
Description: Successful Network Logon
             User Name: %1              Domain: %2
             Logon ID: %3               Logon Type: %4
             Logon Process: %5          Authentication Package: %6
             Workstation Name: %7
				
   Event ID: 541 (0x021d)
       Type: Success Audit
Description: IKE security association established.
             Mode: %1                   Peer Identity: %2
             Filter: %3                 Parameters: %4
				
   Event ID: 542 (0x021e)
       Type: Success Audit
Description: IKE security association ended.
             Mode: Data Protection (Quick mode)
             Filter: %1                 Inbound SPI: %2
             Outbound SPI: %3
				
   Event ID: 543 (0x021f)
       Type: Success Audit
Description: IKE security association ended.
             Mode: Key Exchange (Main mode)
             Filter: %1
				
   Event ID: 544 (0x0220)
       Type: Failure Audit
Description: IKE security association establishment failed because peer could not
             authenticate. The certificate trust could not be established.
             Peer Identity: %1          Filter: %2
				
   Event ID: 545 (0x0221)
       Type: Failure Audit
Description: IKE peer authentication failed.
             Peer Identity: %1          Filter: %2
				
   Event ID: 546 (0x0222)
       Type: Failure Audit
Description: IKE security association establishment failed because peer
             sent invalid proposal.
             Mode: %1                   Filter: %2
             Attribute: %3              Expected value: %4
             Received value: %5
				
   Event ID: 547 (0x0223)
       Type: Failure Audit
Description: IKE security association negotiation failed.
             Mode:          %1          Filter: %2
             Failure Point: %3          Failure Reason: %4
				
   Event ID: 560 (0x0230)
       Type: Success Audit
Description: Object Open
             Object Server: %1          Object Type: %2
             Object Name: %3            New Handle ID: %4
             Operation ID:{%5,%6}       Process ID: %7
             Primary User Name: %8      Primary Domain: %9
             Primary Logon ID: %10      Client User Name: %11
             Client Domain: %12         Client Logon ID: %13
             Accesses %14               Privileges %15
				
   Event ID: 561 (0x0231)
       Type: Success Audit
Description: Handle Allocated
             Handle ID: %1              Operation ID:{%2,%3}
             Process ID: %4
				
   Event ID: 562 (0x0232)
       Type: Success Audit
Description: Handle Closed
             Object Server: %1          Handle ID: %2
             Process ID: %3
				
   Event ID: 563 (0x0233)
       Type: Success Audit
Description: Object Open for Delete
             Object Server: %1          Object Type: %2
             Object Name: %3            New Handle ID: %4
             Operation ID:{%5,%6}       Process ID: %7
             Primary User Name: %8      Primary Domain: %9
             Primary Logon ID: %10      Client User Name: %11
             Client Domain: %12         Client Logon ID: %13
             Accesses %14               Privileges %15
				
   Event ID: 564 (0x0234)
       Type: Success Audit
Description: Object Deleted
             Object Server: %1          Handle ID: %2
             Process ID: %3
				
   Event ID: 565 (0x0235)
       Type: Success Audit
Description: Object Open
             Object Server: %1          Object Type: %2
             Object Name: %3            New Handle ID: %4
             Operation ID:{%5,%6}       Process ID: %7
             Primary User Name: %8      Primary Domain: %9
             Primary Logon ID: %10      Client User Name: %11
             Client Domain: %12         Client Logon ID: %13
             Accesses %14               Privileges %15
             Properties:%16%17%18%19%20%21%22%23%24%25
				
   Event ID: 566 (0x0236)
       Type: Success Audit
Description: Object Operation
             Operation Type %1          Object Type: %2
             Object Name: %3            Handle ID: %4
             Operation ID:{%5,%6}       Primary User Name: %7
             Primary Domain: %8         Primary Logon ID: %9
             Client User Name: %10      Client Domain: %11
             Client Logon ID: %12       Requested Accesses %13
				
   Event ID: 576 (0x0240)
       Type: Success Audit
Description: Special privileges assigned to new logon:
             User Name: %1              Domain: %2
             Logon ID: %3               Assigned: %4
				
   Event ID: 577 (0x0241)
       Type: Success Audit
Description: Privileged Service Called
             Server: %1                 Service: %2
             Primary User Name: %3      Primary Domain: %4
             Primary Logon ID: %5       Client User Name: %6
             Client Domain: %7          Client Logon ID: %8
             Privileges: %9 
				
   Event ID: 578 (0x0242)
       Type: Success Audit
Description: Privileged object operation
             Object Server: %1          Object Handle: %2
             Process ID: %3             Primary User Name: %4
             Primary Domain: %5         Primary Logon ID: %6
             Client User Name: %7       Client Domain: %8
             Client Logon ID: %9        Privileges: %10
				
   Event ID: 592 (0x0250)
       Type: Success Audit
Description: A new process has been created
             New Process ID: %1         Image File Name: %2
             Creator Process ID: %3     User Name: %4
             Domain: %5                 Logon ID: %6
				
   Event ID: 593 (0x0251)
       Type: Success Audit
Description: A process has exited
             Process ID: %1             User Name: %2
             Domain: %3                 Logon ID: %4
				
   Event ID: 594 (0x0252)
       Type: Success Audit
Description: A handle to an object has been duplicated
             Source Handle ID: %1       Source Process ID: %2
             Target Handle ID: %3       Target Process ID: %4
				
   Event ID: 595 (0x0253)
       Type: Success Audit
Description: Indirect access to an object has been obtained
             Object Type: %1            Object Name: %2
             Process ID: %3             Primary User Name: %4
             Primary Domain: %5         Primary Logon ID: %6
             Client User Name: %7       Client Domain: %8
             Client Logon ID: %9        Accesses: %10
				

屬性

文章編號: 299475 - 上次校閱: 2007年1月31日 - 版次: 3.5
這篇文章中的資訊適用於:
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Datacenter Server SP2
關鍵字:?
kbmt kbinfo KB299475 KbMtzh
機器翻譯
重要:本文是以 Microsoft 機器翻譯軟體翻譯而成,而非使用人工翻譯而成。Microsoft 同時提供使用者人工翻譯及機器翻譯兩個版本的文章,讓使用者可以依其使用語言使用知識庫中的所有文章。但是,機器翻譯的文章可能不盡完美。這些文章中也可能出現拼字、語意或文法上的錯誤,就像外國人在使用本國語言時可能發生的錯誤。Microsoft 不為內容的翻譯錯誤或客戶對該內容的使用所產生的任何錯誤或損害負責。Microsoft也同時將不斷地就機器翻譯軟體進行更新。
按一下這裡查看此文章的英文版本:299475
Microsoft及(或)其供應商不就任何在本伺服器上發表的文字資料及其相關圖表資訊的恰當性作任何承諾。所有文字資料及其相關圖表均以「現狀」供應,不負任何擔保責任。Microsoft及(或)其供應商謹此聲明,不負任何對與此資訊有關之擔保責任,包括關於適售性、適用於某一特定用途、權利或不侵權的明示或默示擔保責任。Microsoft及(或)其供應商無論如何不對因或與使用本伺服器上資訊或與資訊的實行有關而引起的契約、過失或其他侵權行為之訴訟中的特別的、間接的、衍生性的損害或任何因使用而喪失所導致的之損害、資料或利潤負任何責任。

提供意見

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com