You are currently offline, waiting for your internet to reconnect

Windows 2000 Security Event Descriptions (Part 1 of 2)

Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
Summary
This article contains descriptions of various security-related and auditing-related events, and information about how to interpret these events. These events will all appear in the Security event log and will be logged with a source of "Security." The following article in the Microsoft Knowledge Base is Part 2 of 2:
301677 Windows 2000 Security Event Descriptions (Part 2 of 2)
More information
   Event ID: 512 (0x0200)       Type: Success AuditDescription: Windows NT is starting up.				
   Event ID: 513 (0x0201)       Type: Success AuditDescription: Windows NT is shutting down.             All logon sessions will be terminated by this shutdown.				
   Event ID: 514 (0x0202)       Type: Success AuditDescription: An authentication package has been loaded by the Local Security Authority.             This authentication package will be used to authenticate logon attempts.             Authentication Package Name: %1				
   Event ID: 515 (0x0203)       Type: Success AuditDescription: A trusted logon process has registered with the Local Security Authority.             This logon process will be trusted to submit logon requests.             Logon Process Name: %1				
   Event ID: 516 (0x0204)       Type: Success AuditDescription: Internal resources allocated for the queuing of audit messages have been             exhausted, leading to the loss of some audits.             Number of audit messages discarded: %1				
   Event ID: 517 (0x0205)       Type: Success AuditDescription: The audit log was cleared             Primary User Name: %1     Primary Domain:   %2             Primary Logon ID:  %3     Client User Name: %4             Client Domain:     %5     Client Logon ID:  %6				
   Event ID: 518 (0x0206)       Type: Success AuditDescription: An notification package has been loaded by the Security Account Manager.             This package will be notified of any account or password changes.             Notification Package Name: %1				
   Event ID: 528 (0x0210)       Type: Success AuditDescription: Successful Logon:             User Name: %1             Domain: %2             Logon ID: %3              Logon Type: %4             Logon Process: %5         Authentication Package: %6             Workstation Name: %7				
   Event ID: 529 (0x0211)       Type: Failure AuditDescription: Logon Failure             Reason: Unknown user name or bad password             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6				
   Event ID: 530 (0x0212)       Type: Failure AuditDescription: Logon Failure             Reason: Account logon time restriction violation             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6				
   Event ID: 531 (0x0213)       Type: Failure AuditDescription: Logon Failure             Reason: Account currently disabled             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6				
   Event ID: 532 (0x0214)       Type: Failure AuditDescription: Logon Failure             Reason: The specified user account has expired             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 533 (0x0215)       Type: Failure AuditDescription: Logon Failure             Reason: User not allowed to logon at this computer             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 534 (0x0216)       Type: Failure AuditDescription: Logon Failure             Reason:The user has not been granted the requested              logon type at this machine             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 535 (0x0217)       Type: Failure AuditDescription: Logon Failure             Reason: The specified account's password has expired             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 536 (0x0218)       Type: Failure AuditDescription: Logon Failure             Reason: The NetLogon component is not active             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 537 (0x0219)       Type: Failure AuditDescription: Logon Failure             Reason: An unexpected error occurred during logon             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 538 (0x021A)       Type: Success AuditDescription: User Logoff             User Name: %1              Domain: %2             Logon ID: %3               Logon Type: %4.				
   Event ID: 539 (0x021B)       Type: Failure AuditDescription: Logon Failure             Reason: Account locked out             User Name: %1              Domain: %2             Logon Type: %3             Logon Process: %4             Authentication Package: %5 Workstation Name: %6 				
   Event ID: 540 (0x021c)       Type: Success AuditDescription: Successful Network Logon             User Name: %1              Domain: %2             Logon ID: %3               Logon Type: %4             Logon Process: %5          Authentication Package: %6             Workstation Name: %7				
   Event ID: 541 (0x021d)       Type: Success AuditDescription: IKE security association established.             Mode: %1                   Peer Identity: %2             Filter: %3                 Parameters: %4				
   Event ID: 542 (0x021e)       Type: Success AuditDescription: IKE security association ended.             Mode: Data Protection (Quick mode)             Filter: %1                 Inbound SPI: %2             Outbound SPI: %3				
   Event ID: 543 (0x021f)       Type: Success AuditDescription: IKE security association ended.             Mode: Key Exchange (Main mode)             Filter: %1				
   Event ID: 544 (0x0220)       Type: Failure AuditDescription: IKE security association establishment failed because peer could not             authenticate. The certificate trust could not be established.             Peer Identity: %1          Filter: %2				
   Event ID: 545 (0x0221)       Type: Failure AuditDescription: IKE peer authentication failed.             Peer Identity: %1          Filter: %2				
   Event ID: 546 (0x0222)       Type: Failure AuditDescription: IKE security association establishment failed because peer             sent invalid proposal.             Mode: %1                   Filter: %2             Attribute: %3              Expected value: %4             Received value: %5				
   Event ID: 547 (0x0223)       Type: Failure AuditDescription: IKE security association negotiation failed.             Mode:          %1          Filter: %2             Failure Point: %3          Failure Reason: %4				
   Event ID: 560 (0x0230)       Type: Success AuditDescription: Object Open             Object Server: %1          Object Type: %2             Object Name: %3            New Handle ID: %4             Operation ID:{%5,%6}       Process ID: %7             Primary User Name: %8      Primary Domain: %9             Primary Logon ID: %10      Client User Name: %11             Client Domain: %12         Client Logon ID: %13             Accesses %14               Privileges %15				
   Event ID: 561 (0x0231)       Type: Success AuditDescription: Handle Allocated             Handle ID: %1              Operation ID:{%2,%3}             Process ID: %4				
   Event ID: 562 (0x0232)       Type: Success AuditDescription: Handle Closed             Object Server: %1          Handle ID: %2             Process ID: %3				
   Event ID: 563 (0x0233)       Type: Success AuditDescription: Object Open for Delete             Object Server: %1          Object Type: %2             Object Name: %3            New Handle ID: %4             Operation ID:{%5,%6}       Process ID: %7             Primary User Name: %8      Primary Domain: %9             Primary Logon ID: %10      Client User Name: %11             Client Domain: %12         Client Logon ID: %13             Accesses %14               Privileges %15				
   Event ID: 564 (0x0234)       Type: Success AuditDescription: Object Deleted             Object Server: %1          Handle ID: %2             Process ID: %3				
   Event ID: 565 (0x0235)       Type: Success AuditDescription: Object Open             Object Server: %1          Object Type: %2             Object Name: %3            New Handle ID: %4             Operation ID:{%5,%6}       Process ID: %7             Primary User Name: %8      Primary Domain: %9             Primary Logon ID: %10      Client User Name: %11             Client Domain: %12         Client Logon ID: %13             Accesses %14               Privileges %15             Properties:%16%17%18%19%20%21%22%23%24%25				
   Event ID: 566 (0x0236)       Type: Success AuditDescription: Object Operation             Operation Type %1          Object Type: %2             Object Name: %3            Handle ID: %4             Operation ID:{%5,%6}       Primary User Name: %7             Primary Domain: %8         Primary Logon ID: %9             Client User Name: %10      Client Domain: %11             Client Logon ID: %12       Requested Accesses %13				
   Event ID: 576 (0x0240)       Type: Success AuditDescription: Special privileges assigned to new logon:             User Name: %1              Domain: %2             Logon ID: %3               Assigned: %4				
   Event ID: 577 (0x0241)       Type: Success AuditDescription: Privileged Service Called             Server: %1                 Service: %2             Primary User Name: %3      Primary Domain: %4             Primary Logon ID: %5       Client User Name: %6             Client Domain: %7          Client Logon ID: %8             Privileges: %9 				
   Event ID: 578 (0x0242)       Type: Success AuditDescription: Privileged object operation             Object Server: %1          Object Handle: %2             Process ID: %3             Primary User Name: %4             Primary Domain: %5         Primary Logon ID: %6             Client User Name: %7       Client Domain: %8             Client Logon ID: %9        Privileges: %10				
   Event ID: 592 (0x0250)       Type: Success AuditDescription: A new process has been created             New Process ID: %1         Image File Name: %2             Creator Process ID: %3     User Name: %4             Domain: %5                 Logon ID: %6				
   Event ID: 593 (0x0251)       Type: Success AuditDescription: A process has exited             Process ID: %1             User Name: %2             Domain: %3                 Logon ID: %4				
   Event ID: 594 (0x0252)       Type: Success AuditDescription: A handle to an object has been duplicated             Source Handle ID: %1       Source Process ID: %2             Target Handle ID: %3       Target Process ID: %4				
   Event ID: 595 (0x0253)       Type: Success AuditDescription: Indirect access to an object has been obtained             Object Type: %1            Object Name: %2             Process ID: %3             Primary User Name: %4             Primary Domain: %5         Primary Logon ID: %6             Client User Name: %7       Client Domain: %8             Client Logon ID: %9        Accesses: %10				
Properties

Article ID: 299475 - Last Review: 06/19/2014 13:03:00 - Revision: 4.0

  • kbinfo KB299475
Feedback