CÓDIGO EVENTOS DELETE

4660 An object was deleted

4661 A handle to an object was requested
4662 An operation was performed on an object
4663 An attempt was made to access an object
4664 An attempt was made to create a hard link
4665 An attempt was made to create an application client context.
4666 An application attempted an operation
4667 An application client context was deleted
4668 An application was initialized
4726 A user account was deleted
4743 A computer account was deleted
4896 One or more rows have been deleted from the certificate database
5138 A directory service object was undeleted
5141 A directory service object was deleted
5144 A network share object was deleted.
5888 An object in the COM+ Catalog was modified
5889 An object was deleted from the COM+ Catalog

4660,4661,4662,4663,4664,4665,4666,4667,4668,4726,4743,4896,5138,5141,5144,
5888,5889
 CÓDIGO EVENTOS DE MODIFICAÇÃO

4657 A registry value was modified

4716 Trusted domain information was modified
4867 A trusted forest information entry was modified
4908 Special Groups Logon table modified
4930 An Active Directory replica source naming context was modified
4931 An Active Directory replica destination naming context was modified
4947 A change has been made to Windows Firewall exception list. A rule was modified
5041 A change has been made to IPsec settings. An Authentication Set was modified
5044 A change has been made to IPsec settings. A Connection Security Rule was modified
5047 A change has been made to IPsec settings. A Crypto Set was modified
5065 A cryptographic context modification was attempted
5067 A cryptographic function modification was attempted
5136 A directory service object was modified
5143 A network share object was modified
5169 A directory service object was modified
5170 A directory service object was modified during a background cleanup task
5888 An object in the COM+ Catalog was modified

4657,4716,4867,4908,4930,4931,4947,5041,5044,5047,5065,5067,5136,5143,5169,
5170,5880
 CÓDIGO EVENTOS LOGON

4611 A trusted logon process has been registered with the Local Security Authority
4648 A logon was attempted using explicit credentials
4672 Special privileges assigned to new logon
4774 An account was mapped for logon
4775 An account could not be mapped for logon
4908 Special Groups Logon table modified
4964 Special groups have been assigned to a new logon

4611,4648,4672,4774,4775,4908,4964
 CÓDIGO EVENTOS DE ACESSO

4663 An attempt was made to access an object

4671 An application attempted to access a blocked ordinal through the TBS
4691 Indirect access to an object was requested
4717 System security access was granted to an account
4718 System security access was removed from an account
4782 The password hash an account was accessed
4818 Proposed Central Access Policy does not grant the same access permissions as the current Central Access Poli
4819 Central Access Policies on the machine have been changed
4820 A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restr
4821 A Kerberos service ticket was denied because the user, device, or both does not meet the access control restr
4823 NTLM authentication failed because access control restrictions are required
4825 A user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are me
4913 Central Access Policy on the object was changed
5071 Key access denied by Microsoft key distribution service
5140 A network share object was accessed
5145 A network share object was checked to see whether client can be granted desired access
6272 Network Policy Server granted access to a user
6273 Network Policy Server denied access to a user
6277 Network Policy Server granted access to a user but put it on probation because the host did not meet the defi
6278 Network Policy Server granted full access to a user because the host met the defined health policy

4671,4691,4717,4718,4782,4818,4819,4820,4821,4823,4825,4913,5071,5140,5145,
6272,6273,6277,6278

4660
4661
4662
4663
4664
4665
4666
4667
4668
nt Central Access Policy

he access control restrictions

he access control restrictions

ect only if they are members of the Remote Desktop Users group or Administrators group

did not meet the defined health policy

alth policy
CÓDIGO TODOS OS CÓDIGOS DO WINDOWS

1100 The event logging service has shut down

1101 Audit events have been dropped by the transport.
1102 The audit log was cleared
1104 The security Log is now full
1105 Event log automatic backup
1108 The event logging service encountered an error
4608 Windows is starting up
4609 Windows is shutting down
4610 An authentication package has been loaded by the Local Security Authority
4611 A trusted logon process has been registered with the Local Security Authority
4612 Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of so
4614 A notification package has been loaded by the Security Account Manager.
4615 Invalid use of LPC port
4616 The system time was changed.
4618 A monitored security event pattern has occurred
4621 Administrator recovered system from CrashOnAuditFail
4622 A security package has been loaded by the Local Security Authority.
4624 An account was successfully logged on
4625 An account failed to log on
4626 User/Device claims information
4627 Group membership information.
4634 An account was logged off
4646 IKE DoS-prevention mode started
4647 User initiated logoff
4648 A logon was attempted using explicit credentials
4649 A replay attack was detected
4650 An IPsec Main Mode security association was established
4651 An IPsec Main Mode security association was established
4652 An IPsec Main Mode negotiation failed
4653 An IPsec Main Mode negotiation failed
4654 An IPsec Quick Mode negotiation failed
4655 An IPsec Main Mode security association ended
4656 A handle to an object was requested
4657 A registry value was modified
4658 The handle to an object was closed
4659 A handle to an object was requested with intent to delete
4660 An object was deleted
4661 A handle to an object was requested
4662 An operation was performed on an object
4663 An attempt was made to access an object
4664 An attempt was made to create a hard link
4665 An attempt was made to create an application client context.
4666 An application attempted an operation
4667 An application client context was deleted
4668 An application was initialized
4670 Permissions on an object were changed
4671 An application attempted to access a blocked ordinal through the TBS
4672 Special privileges assigned to new logon
4673 A privileged service was called
4674 An operation was attempted on a privileged object
4675 SIDs were filtered
4688 A new process has been created
4689 A process has exited
4690 An attempt was made to duplicate a handle to an object
4691 Indirect access to an object was requested
4692 Backup of data protection master key was attempted
4693 Recovery of data protection master key was attempted
4694 Protection of auditable protected data was attempted
4695 Unprotection of auditable protected data was attempted
4696 A primary token was assigned to process
4697 A service was installed in the system
4698 A scheduled task was created
4699 A scheduled task was deleted
4700 A scheduled task was enabled
4701 A scheduled task was disabled
4702 A scheduled task was updated
4703 A token right was adjusted
4704 A user right was assigned
4705 A user right was removed
4706 A new trust was created to a domain
4707 A trust to a domain was removed
4709 IPsec Services was started
4710 IPsec Services was disabled
4711 PAStore Engine (1%)
4712 IPsec Services encountered a potentially serious failure
4713 Kerberos policy was changed
4714 Encrypted data recovery policy was changed
4715 The audit policy (SACL) on an object was changed
4716 Trusted domain information was modified
4717 System security access was granted to an account
4718 System security access was removed from an account
4719 System audit policy was changed
4720 A user account was created
4722 A user account was enabled
4723 An attempt was made to change an account's password
4724 An attempt was made to reset an accounts password
4725 A user account was disabled
4726 A user account was deleted
4727 A security-enabled global group was created
4728 A member was added to a security-enabled global group
4729 A member was removed from a security-enabled global group
4730 A security-enabled global group was deleted
4731 A security-enabled local group was created
4732 A member was added to a security-enabled local group
4733 A member was removed from a security-enabled local group
4734 A security-enabled local group was deleted
4735 A security-enabled local group was changed
4737 A security-enabled global group was changed
4738 A user account was changed
4739 Domain Policy was changed
4740 A user account was locked out
4741 A computer account was created
4742 A computer account was changed
4743 A computer account was deleted
4744 A security-disabled local group was created
4745 A security-disabled local group was changed
4746 A member was added to a security-disabled local group
4747 A member was removed from a security-disabled local group
4748 A security-disabled local group was deleted
4749 A security-disabled global group was created
4750 A security-disabled global group was changed
4751 A member was added to a security-disabled global group
4752 A member was removed from a security-disabled global group
4753 A security-disabled global group was deleted
4754 A security-enabled universal group was created
4755 A security-enabled universal group was changed
4756 A member was added to a security-enabled universal group
4757 A member was removed from a security-enabled universal group
4758 A security-enabled universal group was deleted
4759 A security-disabled universal group was created
4760 A security-disabled universal group was changed
4761 A member was added to a security-disabled universal group
4762 A member was removed from a security-disabled universal group
4763 A security-disabled universal group was deleted
4764 A groups type was changed
4765 SID History was added to an account
4766 An attempt to add SID History to an account failed
4767 A user account was unlocked
4768 A Kerberos authentication ticket (TGT) was requested
4769 A Kerberos service ticket was requested
4770 A Kerberos service ticket was renewed
4771 Kerberos pre-authentication failed
4772 A Kerberos authentication ticket request failed
4773 A Kerberos service ticket request failed
4774 An account was mapped for logon
4775 An account could not be mapped for logon
4776 The domain controller attempted to validate the credentials for an account
4777 The domain controller failed to validate the credentials for an account
4778 A session was reconnected to a Window Station
4779 A session was disconnected from a Window Station
4780 The ACL was set on accounts which are members of administrators groups
4781 The name of an account was changed
4782 The password hash an account was accessed
4783 A basic application group was created
4784 A basic application group was changed
4785 A member was added to a basic application group
4786 A member was removed from a basic application group
4787 A non-member was added to a basic application group
4788 A non-member was removed from a basic application group..
4789 A basic application group was deleted
4790 An LDAP query group was created
4791 A basic application group was changed
4792 An LDAP query group was deleted
4793 The Password Policy Checking API was called
4794 An attempt was made to set the Directory Services Restore Mode administrator password
4797 An attempt was made to query the existence of a blank password for an account
4798 A user's local group membership was enumerated.
4799 A security-enabled local group membership was enumerated
4800 The workstation was locked
4801 The workstation was unlocked
4802 The screen saver was invoked
4803 The screen saver was dismissed
4816 RPC detected an integrity violation while decrypting an incoming message
4817 Auditing settings on object were changed.
4818 Proposed Central Access Policy does not grant the same access permissions as the current Central Access Poli
4819 Central Access Policies on the machine have been changed
4820 A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restr
4821 A Kerberos service ticket was denied because the user, device, or both does not meet the access control restr
4822 NTLM authentication failed because the account was a member of the Protected User group
4823 NTLM authentication failed because access control restrictions are required
4824 Kerberos preauthentication by using DES or RC4 failed because the account was a member of the Protected U
4825 A user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are me
4826 Boot Configuration Data loaded
4830 SID History was removed from an account
4864 A namespace collision was detected
4865 A trusted forest information entry was added
4866 A trusted forest information entry was removed
4867 A trusted forest information entry was modified
4868 The certificate manager denied a pending certificate request
4869 Certificate Services received a resubmitted certificate request
4870 Certificate Services revoked a certificate
4871 Certificate Services received a request to publish the certificate revocation list (CRL)
4872 Certificate Services published the certificate revocation list (CRL)
4873 A certificate request extension changed
4874 One or more certificate request attributes changed.
4875 Certificate Services received a request to shut down
4876 Certificate Services backup started
4877 Certificate Services backup completed
4878 Certificate Services restore started
4879 Certificate Services restore completed
4880 Certificate Services started
4881 Certificate Services stopped
4882 The security permissions for Certificate Services changed
4883 Certificate Services retrieved an archived key
4884 Certificate Services imported a certificate into its database
4885 The audit filter for Certificate Services changed
4886 Certificate Services received a certificate request
4887 Certificate Services approved a certificate request and issued a certificate
4888 Certificate Services denied a certificate request
4889 Certificate Services set the status of a certificate request to pending
4890 The certificate manager settings for Certificate Services changed.
4891 A configuration entry changed in Certificate Services
4892 A property of Certificate Services changed
4893 Certificate Services archived a key
4894 Certificate Services imported and archived a key
4895 Certificate Services published the CA certificate to Active Directory Domain Services
4896 One or more rows have been deleted from the certificate database
4897 Role separation enabled
4898 Certificate Services loaded a template
4899 A Certificate Services template was updated
4900 Certificate Services template security was updated
4902 The Per-user audit policy table was created
4904 An attempt was made to register a security event source
4905 An attempt was made to unregister a security event source
4906 The CrashOnAuditFail value has changed
4907 Auditing settings on object were changed
4908 Special Groups Logon table modified
4909 The local policy settings for the TBS were changed
4910 The group policy settings for the TBS were changed
4911 Resource attributes of the object were changed
4912 Per User Audit Policy was changed
4913 Central Access Policy on the object was changed
4928 An Active Directory replica source naming context was established
4929 An Active Directory replica source naming context was removed
4930 An Active Directory replica source naming context was modified
4931 An Active Directory replica destination naming context was modified
4932 Synchronization of a replica of an Active Directory naming context has begun
4933 Synchronization of a replica of an Active Directory naming context has ended
4934 Attributes of an Active Directory object were replicated
4935 Replication failure begins
4936 Replication failure ends
4937 A lingering object was removed from a replica
4944 The following policy was active when the Windows Firewall started
4945 A rule was listed when the Windows Firewall started
4946 A change has been made to Windows Firewall exception list. A rule was added
4947 A change has been made to Windows Firewall exception list. A rule was modified
4948 A change has been made to Windows Firewall exception list. A rule was deleted
4949 Windows Firewall settings were restored to the default values
4950 A Windows Firewall setting has changed
4951 A rule has been ignored because its major version number was not recognized by Windows Firewall
4952 Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall
4953 A rule has been ignored by Windows Firewall because it could not parse the rule
4954 Windows Firewall Group Policy settings has changed. The new settings have been applied
4956 Windows Firewall has changed the active profile
4957 Windows Firewall did not apply the following rule
4958 Windows Firewall did not apply the following rule because the rule referred to items not configured on this co
4960 IPsec dropped an inbound packet that failed an integrity check
4961 IPsec dropped an inbound packet that failed a replay check
4962 IPsec dropped an inbound packet that failed a replay check
4963 IPsec dropped an inbound clear text packet that should have been secured
4964 Special groups have been assigned to a new logon
4965 IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
4976 During Main Mode negotiation, IPsec received an invalid negotiation packet.
4977 During Quick Mode negotiation, IPsec received an invalid negotiation packet.
4978 During Extended Mode negotiation, IPsec received an invalid negotiation packet.
4979 IPsec Main Mode and Extended Mode security associations were established.
4980 IPsec Main Mode and Extended Mode security associations were established
4981 IPsec Main Mode and Extended Mode security associations were established
4982 IPsec Main Mode and Extended Mode security associations were established
4983 An IPsec Extended Mode negotiation failed
4984 An IPsec Extended Mode negotiation failed
4985 The state of a transaction has changed
5024 The Windows Firewall Service has started successfully
5025 The Windows Firewall Service has been stopped
5027 The Windows Firewall Service was unable to retrieve the security policy from the local storage
5028 The Windows Firewall Service was unable to parse the new security policy.
5029 The Windows Firewall Service failed to initialize the driver
5030 The Windows Firewall Service failed to start
5031 The Windows Firewall Service blocked an application from accepting incoming connections on the network.
5032 Windows Firewall was unable to notify the user that it blocked an application from accepting incoming conne
5033 The Windows Firewall Driver has started successfully
5034 The Windows Firewall Driver has been stopped
5035 The Windows Firewall Driver failed to start
5037 The Windows Firewall Driver detected critical runtime error. Terminating
5038 Code integrity determined that the image hash of a file is not valid
5039 A registry key was virtualized.
5040 A change has been made to IPsec settings. An Authentication Set was added.
5041 A change has been made to IPsec settings. An Authentication Set was modified
5042 A change has been made to IPsec settings. An Authentication Set was deleted
5043 A change has been made to IPsec settings. A Connection Security Rule was added
5044 A change has been made to IPsec settings. A Connection Security Rule was modified
5045 A change has been made to IPsec settings. A Connection Security Rule was deleted
5046 A change has been made to IPsec settings. A Crypto Set was added
5047 A change has been made to IPsec settings. A Crypto Set was modified
5048 A change has been made to IPsec settings. A Crypto Set was deleted
5049 An IPsec Security Association was deleted
5050 An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(F
5051 A file was virtualized
5056 A cryptographic self test was performed
5057 A cryptographic primitive operation failed
5058 Key file operation
5059 Key migration operation
5060 Verification operation failed
5061 Cryptographic operation
5062 A kernel-mode cryptographic self test was performed
5063 A cryptographic provider operation was attempted
5064 A cryptographic context operation was attempted
5065 A cryptographic context modification was attempted
5066 A cryptographic function operation was attempted
5067 A cryptographic function modification was attempted
5068 A cryptographic function provider operation was attempted
5069 A cryptographic function property operation was attempted
5070 A cryptographic function property operation was attempted
5071 Key access denied by Microsoft key distribution service
5120 OCSP Responder Service Started
5121 OCSP Responder Service Stopped
5122 A Configuration entry changed in the OCSP Responder Service
5123 A configuration entry changed in the OCSP Responder Service
5124 A security setting was updated on OCSP Responder Service
5125 A request was submitted to OCSP Responder Service
5126 Signing Certificate was automatically updated by the OCSP Responder Service
5127 The OCSP Revocation Provider successfully updated the revocation information
5136 A directory service object was modified
5137 A directory service object was created
5138 A directory service object was undeleted
5139 A directory service object was moved
5140 A network share object was accessed
5141 A directory service object was deleted
5142 A network share object was added.
5143 A network share object was modified
5144 A network share object was deleted.
5145 A network share object was checked to see whether client can be granted desired access
5146 The Windows Filtering Platform has blocked a packet
5147 A more restrictive Windows Filtering Platform filter has blocked a packet
5148 The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated
5149 The DoS attack has subsided and normal processing is being resumed.
5150 The Windows Filtering Platform has blocked a packet.
5151 A more restrictive Windows Filtering Platform filter has blocked a packet.
5152 The Windows Filtering Platform blocked a packet
5153 A more restrictive Windows Filtering Platform filter has blocked a packet
5154 The Windows Filtering Platform has permitted an application or service to listen on a port for incoming conne
5155 The Windows Filtering Platform has blocked an application or service from listening on a port for incoming co
5156 The Windows Filtering Platform has allowed a connection
5157 The Windows Filtering Platform has blocked a connection
5158 The Windows Filtering Platform has permitted a bind to a local port
5159 The Windows Filtering Platform has blocked a bind to a local port
5168 Spn check for SMB/SMB2 fails.
5169 A directory service object was modified
5170 A directory service object was modified during a background cleanup task
5376 Credential Manager credentials were backed up
5377 Credential Manager credentials were restored from a backup
5378 The requested credentials delegation was disallowed by policy
5379 Credential Manager credentials were read
5380 Vault Find Credential
5381 Vault credentials were read
5382 Vault credentials were read
5440 The following callout was present when the Windows Filtering Platform Base Filtering Engine started
5441 The following filter was present when the Windows Filtering Platform Base Filtering Engine started
5442 The following provider was present when the Windows Filtering Platform Base Filtering Engine started
5443 The following provider context was present when the Windows Filtering Platform Base Filtering Engine starte
5444 The following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started
5446 A Windows Filtering Platform callout has been changed
5447 A Windows Filtering Platform filter has been changed
5448 A Windows Filtering Platform provider has been changed
5449 A Windows Filtering Platform provider context has been changed
5450 A Windows Filtering Platform sub-layer has been changed
5451 An IPsec Quick Mode security association was established
5452 An IPsec Quick Mode security association ended
5453 An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT
5456 PAStore Engine applied Active Directory storage IPsec policy on the computer
5457 PAStore Engine failed to apply Active Directory storage IPsec policy on the computer
5458 PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer
5459 PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer
5460 PAStore Engine applied local registry storage IPsec policy on the computer
5461 PAStore Engine failed to apply local registry storage IPsec policy on the computer
5462 PAStore Engine failed to apply some rules of the active IPsec policy on the computer
5463 PAStore Engine polled for changes to the active IPsec policy and detected no changes
5464 PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Ser
5465 PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
5466 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cann
5467 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can b
5468 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can b
5471 PAStore Engine loaded local storage IPsec policy on the computer
5472 PAStore Engine failed to load local storage IPsec policy on the computer
5473 PAStore Engine loaded directory storage IPsec policy on the computer
5474 PAStore Engine failed to load directory storage IPsec policy on the computer
5477 PAStore Engine failed to add quick mode filter
5478 IPsec Services has started successfully
5479 IPsec Services has been shut down successfully
5480 IPsec Services failed to get the complete list of network interfaces on the computer
5483 IPsec Services failed to initialize RPC server. IPsec Services could not be started
5484 IPsec Services has experienced a critical failure and has been shut down
5485 IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces
5632 A request was made to authenticate to a wireless network
5633 A request was made to authenticate to a wired network
5712 A Remote Procedure Call (RPC) was attempted
5888 An object in the COM+ Catalog was modified
5889 An object was deleted from the COM+ Catalog
5890 An object was added to the COM+ Catalog
6144 Security policy in the group policy objects has been applied successfully
6145 One or more errors occured while processing security policy in the group policy objects
6272 Network Policy Server granted access to a user
6273 Network Policy Server denied access to a user
6274 Network Policy Server discarded the request for a user
6275 Network Policy Server discarded the accounting request for a user
6276 Network Policy Server quarantined a user
6277 Network Policy Server granted access to a user but put it on probation because the host did not meet the defi
6278 Network Policy Server granted full access to a user because the host met the defined health policy
6279 Network Policy Server locked the user account due to repeated failed authentication attempts
6280 Network Policy Server unlocked the user account
6281 Code Integrity determined that the page hashes of an image file are not valid...
6400 BranchCache: Received an incorrectly formatted response while discovering availability of content.
6401 BranchCache: Received invalid data from a peer. Data discarded.
6402 BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
6403 BranchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data
6404 BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
6405 BranchCache: %2 instance(s) of event id %1 occurred.
6406 %1 registered to Windows Firewall to control filtering for the following:
6407 0.01
6408 Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
6409 BranchCache: A service connection point object could not be parsed
6410 Code integrity determined that a file does not meet the security requirements to load into a process. This cou
6416 A new external device was recognized by the system.
6417 The FIPS mode crypto selftests succeeded
6418 The FIPS mode crypto selftests failed
6419 A request was made to disable a device
6420 A device was disabled
6421 A request was made to enable a device
6422 A device was enabled
6423 The installation of this device is forbidden by system policy
6424 The installation of this device was allowed, after having previously been forbidden by policy
8191 Highest System-Defined Audit Message Value

4660
4661
4662
4663
4664
4665
4666
4667
4668
ading to the loss of some audits.
nt Central Access Policy

he access control restrictions

e access control restrictions

ber of the Protected User group

ect only if they are members of the Remote Desktop Users group or Administrators group
ows Firewall
by Windows Firewall

t configured on this computer

ndex (SPI).
ons on the network.
pting incoming connections on the network

file.FirewallEnabled(FALSE
e; packets associated with this attack will be discarded.

rt for incoming connections

port for incoming connections

ngine started
ne started
Engine started
Filtering Engine started
Engine started
eying Modules (IKEEXT) service is not started

he computer
cy on the computer

ied them to IPsec Services

control successfully
Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead
Active Directory can be reached, and found no changes to the policy
Active Directory can be reached, found changes to the policy, and applied those changes

nterfaces

did not meet the defined health policy

alth policy

of content.
essage to offer it data.

to a process. This could be due to the use of shared sections or other issues
Serviço Código TODOS OS CÓDIGOS

Exchange 25000 Undocumented Exchange mailbox operation

Exchange 25001 Operation Copy - Copy item to another Exchange mailbox folder
Exchange 25002 Operation Create - Create item in Exchange mailbox
Exchange 25003 Operation FolderBind - Access Exchange mailbox folder
Exchange 25004 Operation HardDelete - Delete Exchange mailbox item permanently from Recoverable Ite
Exchange 25005 Operation MessageBind - Access Exchange mailbox item
Exchange 25006 Operation Move - Move item to another Exchange mailbox folder
Exchange 25007 Operation MoveToDeletedItems - Move Exchange mailbox item to Deleted Items folder
Exchange 25008 Operation SendAs - Send message using Send As Exchange mailbox permissions
Exchange 25009 Operation SendOnBehalf - Send message using Send on Behalf Exchange mailbox permiss
Exchange 25010 Operation SoftDelete - Delete Exchange mailbox item from Deleted Items folder
Exchange 25011 Operation Update - Update Exchange mailbox item's properties
Exchange 25100 Information Event - Mailbox audit policy applied
Exchange 25100 Undocumented Exchange admin operation
Exchange 25101 Add-ADPermission Exchange cmdlet issued
Exchange 25102 Add-AvailabilityAddressSpace Exchange cmdlet issued
Exchange 25103 Add-ContentFilterPhrase Exchange cmdlet issued
Exchange 25104 Add-DatabaseAvailabilityGroupServer Exchange cmdlet issued
Exchange 25105 Add-DistributionGroupMember Exchange cmdlet issued
Exchange 25106 Add-FederatedDomain Exchange cmdlet issued
Exchange 25107 Add-IPAllowListEntry Exchange cmdlet issued
Exchange 25108 Add-IPAllowListProvider Exchange cmdlet issued
Exchange 25109 Add-IPBlockListEntry Exchange cmdlet issued
Exchange 25110 Add-IPBlockListProvider Exchange cmdlet issued
Exchange 25111 Add-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25112 Add-MailboxFolderPermission Exchange cmdlet issued
Exchange 25113 Add-MailboxPermission Exchange cmdlet issued
Exchange 25114 Add-ManagementRoleEntry Exchange cmdlet issued
Exchange 25115 Add-PublicFolderAdministrativePermission Exchange cmdlet issued
Exchange 25116 Add-PublicFolderClientPermission Exchange cmdlet issued
Exchange 25117 Add-RoleGroupMember Exchange cmdlet issued
Exchange 25118 Clean-MailboxDatabase Exchange cmdlet issued
Exchange 25119 Clear-ActiveSyncDevice Exchange cmdlet issued
Exchange 25120 Clear-TextMessagingAccount Exchange cmdlet issued
Exchange 25121 Compare-TextMessagingVerificationCode Exchange cmdlet issued
Exchange 25122 Connect-Mailbox Exchange cmdlet issued
Exchange 25123 Disable-AddressListPaging Exchange cmdlet issued
Exchange 25124 Disable-CmdletExtensionAgent Exchange cmdlet issued
Exchange 25125 Disable-DistributionGroup Exchange cmdlet issued
Exchange 25126 Disable-InboxRule Exchange cmdlet issued
Exchange 25127 Disable-JournalRule Exchange cmdlet issued
Exchange 25128 Disable-Mailbox Exchange cmdlet issued
Exchange 25129 Disable-MailContact Exchange cmdlet issued
Exchange 25130 Disable-MailPublicFolder Exchange cmdlet issued
Exchange 25131 Disable-MailUser Exchange cmdlet issued
Exchange 25132 Disable-OutlookAnywhere Exchange cmdlet issued
Exchange 25133 Disable-OutlookProtectionRule Exchange cmdlet issued
Exchange 25134 Disable-RemoteMailbox Exchange cmdlet issued
Exchange 25135 Disable-ServiceEmailChannel Exchange cmdlet issued
Exchange 25136 Disable-TransportAgent Exchange cmdlet issued
Exchange 25137 Disable-TransportRule Exchange cmdlet issued
Exchange 25138 Disable-UMAutoAttendant Exchange cmdlet issued
Exchange 25139 Disable-UMIPGateway Exchange cmdlet issued
Exchange 25140 Disable-UMMailbox Exchange cmdlet issued
Exchange 25141 Disable-UMServer Exchange cmdlet issued
Exchange 25142 Dismount-Database Exchange cmdlet issued
Exchange 25143 Enable-AddressListPaging Exchange cmdlet issued
Exchange 25144 Enable-AntispamUpdates Exchange cmdlet issued
Exchange 25145 Enable-CmdletExtensionAgent Exchange cmdlet issued
Exchange 25146 Enable-DistributionGroup Exchange cmdlet issued
Exchange 25147 Enable-ExchangeCertificate Exchange cmdlet issued
Exchange 25148 Enable-InboxRule Exchange cmdlet issued
Exchange 25149 Enable-JournalRule Exchange cmdlet issued
Exchange 25150 Enable-Mailbox Exchange cmdlet issued
Exchange 25151 Enable-MailContact Exchange cmdlet issued
Exchange 25152 Enable-MailPublicFolder Exchange cmdlet issued
Exchange 25153 Enable-MailUser Exchange cmdlet issued
Exchange 25154 Enable-OutlookAnywhere Exchange cmdlet issued
Exchange 25155 Enable-OutlookProtectionRule Exchange cmdlet issued
Exchange 25156 Enable-RemoteMailbox Exchange cmdlet issued
Exchange 25157 Enable-ServiceEmailChannel Exchange cmdlet issued
Exchange 25158 Enable-TransportAgent Exchange cmdlet issued
Exchange 25159 Enable-TransportRule Exchange cmdlet issued
Exchange 25160 Enable-UMAutoAttendant Exchange cmdlet issued
Exchange 25161 Enable-UMIPGateway Exchange cmdlet issued
Exchange 25162 Enable-UMMailbox Exchange cmdlet issued
Exchange 25163 Enable-UMServer Exchange cmdlet issued
Exchange 25164 Export-ActiveSyncLog Exchange cmdlet issued
Exchange 25165 Export-AutoDiscoverConfig Exchange cmdlet issued
Exchange 25166 Export-ExchangeCertificate Exchange cmdlet issued
Exchange 25167 Export-JournalRuleCollection Exchange cmdlet issued
Exchange 25168 Export-MailboxDiagnosticLogs Exchange cmdlet issued
Exchange 25169 Export-Message Exchange cmdlet issued
Exchange 25170 Export-RecipientDataProperty Exchange cmdlet issued
Exchange 25171 Export-TransportRuleCollection Exchange cmdlet issued
Exchange 25172 Export-UMCallDataRecord Exchange cmdlet issued
Exchange 25173 Export-UMPrompt Exchange cmdlet issued
Exchange 25174 Import-ExchangeCertificate Exchange cmdlet issued
Exchange 25175 Import-JournalRuleCollection Exchange cmdlet issued
Exchange 25176 Import-RecipientDataProperty Exchange cmdlet issued
Exchange 25177 Import-TransportRuleCollection Exchange cmdlet issued
Exchange 25178 Import-UMPrompt Exchange cmdlet issued
Exchange 25179 Install-TransportAgent Exchange cmdlet issued
Exchange 25180 Mount-Database Exchange cmdlet issued
Exchange 25181 Move-ActiveMailboxDatabase Exchange cmdlet issued
Exchange 25182 Move-AddressList Exchange cmdlet issued
Exchange 25183 Move-DatabasePath Exchange cmdlet issued
Exchange 25184 Move-OfflineAddressBook Exchange cmdlet issued
Exchange 25185 New-AcceptedDomain Exchange cmdlet issued
Exchange 25186 New-ActiveSyncDeviceAccessRule Exchange cmdlet issued
Exchange 25187 New-ActiveSyncMailboxPolicy Exchange cmdlet issued
Exchange 25188 New-ActiveSyncVirtualDirectory Exchange cmdlet issued
Exchange 25189 New-AddressList Exchange cmdlet issued
Exchange 25190 New-AdminAuditLogSearch Exchange cmdlet issued
Exchange 25191 New-AutodiscoverVirtualDirectory Exchange cmdlet issued
Exchange 25192 New-AvailabilityReportOutage Exchange cmdlet issued
Exchange 25193 New-ClientAccessArray Exchange cmdlet issued
Exchange 25194 New-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25195 New-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
Exchange 25196 New-DeliveryAgentConnector Exchange cmdlet issued
Exchange 25197 New-DistributionGroup Exchange cmdlet issued
Exchange 25198 New-DynamicDistributionGroup Exchange cmdlet issued
Exchange 25199 New-EcpVirtualDirectory Exchange cmdlet issued
Exchange 25200 New-EdgeSubscription Exchange cmdlet issued
Exchange 25201 New-EdgeSyncServiceConfig Exchange cmdlet issued
Exchange 25202 New-EmailAddressPolicy Exchange cmdlet issued
Exchange 25203 New-ExchangeCertificate Exchange cmdlet issued
Exchange 25204 New-FederationTrust Exchange cmdlet issued
Exchange 25205 New-ForeignConnector Exchange cmdlet issued
Exchange 25206 New-GlobalAddressList Exchange cmdlet issued
Exchange 25207 New-InboxRule Exchange cmdlet issued
Exchange 25208 New-JournalRule Exchange cmdlet issued
Exchange 25209 New-Mailbox Exchange cmdlet issued
Exchange 25210 New-MailboxAuditLogSearch Exchange cmdlet issued
Exchange 25211 New-MailboxDatabase Exchange cmdlet issued
Exchange 25212 New-MailboxFolder Exchange cmdlet issued
Exchange 25213 New-MailboxRepairRequest Exchange cmdlet issued
Exchange 25214 New-MailboxRestoreRequest Exchange cmdlet issued
Exchange 25215 New-MailContact Exchange cmdlet issued
Exchange 25216 New-MailMessage Exchange cmdlet issued
Exchange 25217 New-MailUser Exchange cmdlet issued
Exchange 25218 New-ManagedContentSettings Exchange cmdlet issued
Exchange 25219 New-ManagedFolder Exchange cmdlet issued
Exchange 25220 New-ManagedFolderMailboxPolicy Exchange cmdlet issued
Exchange 25221 New-ManagementRole Exchange cmdlet issued
Exchange 25222 New-ManagementRoleAssignment Exchange cmdlet issued
Exchange 25223 New-ManagementScope Exchange cmdlet issued
Exchange 25224 New-MessageClassification Exchange cmdlet issued
Exchange 25225 New-MoveRequest Exchange cmdlet issued
Exchange 25226 New-OabVirtualDirectory Exchange cmdlet issued
Exchange 25227 New-OfflineAddressBook Exchange cmdlet issued
Exchange 25228 New-OrganizationRelationship Exchange cmdlet issued
Exchange 25229 New-OutlookProtectionRule Exchange cmdlet issued
Exchange 25230 New-OutlookProvider Exchange cmdlet issued
Exchange 25231 New-OwaMailboxPolicy Exchange cmdlet issued
Exchange 25232 New-OwaVirtualDirectory Exchange cmdlet issued
Exchange 25233 New-PublicFolder Exchange cmdlet issued
Exchange 25234 New-PublicFolderDatabase Exchange cmdlet issued
Exchange 25235 New-PublicFolderDatabaseRepairRequest Exchange cmdlet issued
Exchange 25236 New-ReceiveConnector Exchange cmdlet issued
Exchange 25237 New-RemoteDomain Exchange cmdlet issued
Exchange 25238 New-RemoteMailbox Exchange cmdlet issued
Exchange 25239 New-RetentionPolicy Exchange cmdlet issued
Exchange 25240 New-RetentionPolicyTag Exchange cmdlet issued
Exchange 25241 New-RoleAssignmentPolicy Exchange cmdlet issued
Exchange 25242 New-RoleGroup Exchange cmdlet issued
Exchange 25243 New-RoutingGroupConnector Exchange cmdlet issued
Exchange 25244 New-RpcClientAccess Exchange cmdlet issued
Exchange 25245 New-SendConnector Exchange cmdlet issued
Exchange 25246 New-SharingPolicy Exchange cmdlet issued
Exchange 25247 New-SystemMessage Exchange cmdlet issued
Exchange 25248 New-ThrottlingPolicy Exchange cmdlet issued
Exchange 25249 New-TransportRule Exchange cmdlet issued
Exchange 25250 New-UMAutoAttendant Exchange cmdlet issued
Exchange 25251 New-UMDialPlan Exchange cmdlet issued
Exchange 25252 New-UMHuntGroup Exchange cmdlet issued
Exchange 25253 New-UMIPGateway Exchange cmdlet issued
Exchange 25254 New-UMMailboxPolicy Exchange cmdlet issued
Exchange 25255 New-WebServicesVirtualDirectory Exchange cmdlet issued
Exchange 25256 New-X400AuthoritativeDomain Exchange cmdlet issued
Exchange 25257 Remove-AcceptedDomain Exchange cmdlet issued
Exchange 25258 Remove-ActiveSyncDevice Exchange cmdlet issued
Exchange 25259 Remove-ActiveSyncDeviceAccessRule Exchange cmdlet issued
Exchange 25260 Remove-ActiveSyncDeviceClass Exchange cmdlet issued
Exchange 25261 Remove-ActiveSyncMailboxPolicy Exchange cmdlet issued
Exchange 25262 Remove-ActiveSyncVirtualDirectory Exchange cmdlet issued
Exchange 25263 Remove-AddressList Exchange cmdlet issued
Exchange 25264 Remove-ADPermission Exchange cmdlet issued
Exchange 25265 Remove-AutodiscoverVirtualDirectory Exchange cmdlet issued
Exchange 25266 Remove-AvailabilityAddressSpace Exchange cmdlet issued
Exchange 25267 Remove-AvailabilityReportOutage Exchange cmdlet issued
Exchange 25268 Remove-ClientAccessArray Exchange cmdlet issued
Exchange 25269 Remove-ContentFilterPhrase Exchange cmdlet issued
Exchange 25270 Remove-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25271 Remove-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
Exchange 25272 Remove-DatabaseAvailabilityGroupServer Exchange cmdlet issued
Exchange 25273 Remove-DeliveryAgentConnector Exchange cmdlet issued
Exchange 25274 Remove-DistributionGroup Exchange cmdlet issued
Exchange 25275 Remove-DistributionGroupMember Exchange cmdlet issued
Exchange 25276 Remove-DynamicDistributionGroup Exchange cmdlet issued
Exchange 25277 Remove-EcpVirtualDirectory Exchange cmdlet issued
Exchange 25278 Remove-EdgeSubscription Exchange cmdlet issued
Exchange 25279 Remove-EmailAddressPolicy Exchange cmdlet issued
Exchange 25280 Remove-ExchangeCertificate Exchange cmdlet issued
Exchange 25281 Remove-FederatedDomain Exchange cmdlet issued
Exchange 25282 Remove-FederationTrust Exchange cmdlet issued
Exchange 25283 Remove-ForeignConnector Exchange cmdlet issued
Exchange 25284 Remove-GlobalAddressList Exchange cmdlet issued
Exchange 25285 Remove-InboxRule Exchange cmdlet issued
Exchange 25286 Remove-IPAllowListEntry Exchange cmdlet issued
Exchange 25287 Remove-IPAllowListProvider Exchange cmdlet issued
Exchange 25288 Remove-IPBlockListEntry Exchange cmdlet issued
Exchange 25289 Remove-IPBlockListProvider Exchange cmdlet issued
Exchange 25290 Remove-JournalRule Exchange cmdlet issued
Exchange 25291 Remove-Mailbox Exchange cmdlet issued
Exchange 25292 Remove-MailboxDatabase Exchange cmdlet issued
Exchange 25293 Remove-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25294 Remove-MailboxFolderPermission Exchange cmdlet issued
Exchange 25295 Remove-MailboxPermission Exchange cmdlet issued
Exchange 25296 Remove-MailboxRestoreRequest Exchange cmdlet issued
Exchange 25297 Remove-MailContact Exchange cmdlet issued
Exchange 25298 Remove-MailUser Exchange cmdlet issued
Exchange 25299 Remove-ManagedContentSettings Exchange cmdlet issued
Exchange 25300 Remove-ManagedFolder Exchange cmdlet issued
Exchange 25301 Remove-ManagedFolderMailboxPolicy Exchange cmdlet issued
Exchange 25302 Remove-ManagementRole Exchange cmdlet issued
Exchange 25303 Remove-ManagementRoleAssignment Exchange cmdlet issued
Exchange 25304 Remove-ManagementRoleEntry Exchange cmdlet issued
Exchange 25305 Remove-ManagementScope Exchange cmdlet issued
Exchange 25306 Remove-Message Exchange cmdlet issued
Exchange 25307 Remove-MessageClassification Exchange cmdlet issued
Exchange 25308 Remove-MoveRequest Exchange cmdlet issued
Exchange 25309 Remove-OabVirtualDirectory Exchange cmdlet issued
Exchange 25310 Remove-OfflineAddressBook Exchange cmdlet issued
Exchange 25311 Remove-OrganizationRelationship Exchange cmdlet issued
Exchange 25312 Remove-OutlookProtectionRule Exchange cmdlet issued
Exchange 25313 Remove-OutlookProvider Exchange cmdlet issued
Exchange 25314 Remove-OwaMailboxPolicy Exchange cmdlet issued
Exchange 25315 Remove-OwaVirtualDirectory Exchange cmdlet issued
Exchange 25316 Remove-PublicFolder Exchange cmdlet issued
Exchange 25317 Remove-PublicFolderAdministrativePermission Exchange cmdlet issued
Exchange 25318 Remove-PublicFolderClientPermission Exchange cmdlet issued
Exchange 25319 Remove-PublicFolderDatabase Exchange cmdlet issued
Exchange 25320 Remove-ReceiveConnector Exchange cmdlet issued
Exchange 25321 Remove-RemoteDomain Exchange cmdlet issued
Exchange 25322 Remove-RemoteMailbox Exchange cmdlet issued
Exchange 25323 Remove-RetentionPolicy Exchange cmdlet issued
Exchange 25324 Remove-RetentionPolicyTag Exchange cmdlet issued
Exchange 25325 Remove-RoleAssignmentPolicy Exchange cmdlet issued
Exchange 25326 Remove-RoleGroup Exchange cmdlet issued
Exchange 25327 Remove-RoleGroupMember Exchange cmdlet issued
Exchange 25328 Remove-RoutingGroupConnector Exchange cmdlet issued
Exchange 25329 Remove-RpcClientAccess Exchange cmdlet issued
Exchange 25330 Remove-SendConnector Exchange cmdlet issued
Exchange 25331 Remove-SharingPolicy Exchange cmdlet issued
Exchange 25332 Remove-StoreMailbox Exchange cmdlet issued
Exchange 25333 Remove-SystemMessage Exchange cmdlet issued
Exchange 25334 Remove-ThrottlingPolicy Exchange cmdlet issued
Exchange 25335 Remove-TransportRule Exchange cmdlet issued
Exchange 25336 Remove-UMAutoAttendant Exchange cmdlet issued
Exchange 25337 Remove-UMDialPlan Exchange cmdlet issued
Exchange 25338 Remove-UMHuntGroup Exchange cmdlet issued
Exchange 25339 Remove-UMIPGateway Exchange cmdlet issued
Exchange 25340 Remove-UMMailboxPolicy Exchange cmdlet issued
Exchange 25341 Remove-WebServicesVirtualDirectory Exchange cmdlet issued
Exchange 25342 Remove-X400AuthoritativeDomain Exchange cmdlet issued
Exchange 25343 Restore-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25344 Restore-DetailsTemplate Exchange cmdlet issued
Exchange 25345 Restore-Mailbox Exchange cmdlet issued
Exchange 25346 Resume-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25347 Resume-MailboxExportRequest Exchange cmdlet issued
Exchange 25348 Resume-MailboxRestoreRequest Exchange cmdlet issued
Exchange 25349 Resume-Message Exchange cmdlet issued
Exchange 25350 Resume-MoveRequest Exchange cmdlet issued
Exchange 25351 Resume-PublicFolderReplication Exchange cmdlet issued
Exchange 25352 Resume-Queue Exchange cmdlet issued
Exchange 25353 Retry-Queue Exchange cmdlet issued
Exchange 25354 Send-TextMessagingVerificationCode Exchange cmdlet issued
Exchange 25355 Set-AcceptedDomain Exchange cmdlet issued
Exchange 25356 Set-ActiveSyncDeviceAccessRule Exchange cmdlet issued
Exchange 25357 Set-ActiveSyncMailboxPolicy Exchange cmdlet issued
Exchange 25358 Set-ActiveSyncOrganizationSettings Exchange cmdlet issued
Exchange 25359 Set-ActiveSyncVirtualDirectory Exchange cmdlet issued
Exchange 25360 Set-AddressList Exchange cmdlet issued
Exchange 25361 Set-AdminAuditLogConfig Exchange cmdlet issued
Exchange 25362 Set-ADServerSettings Exchange cmdlet issued
Exchange 25363 Set-ADSite Exchange cmdlet issued
Exchange 25364 Set-AdSiteLink Exchange cmdlet issued
Exchange 25365 Set-AutodiscoverVirtualDirectory Exchange cmdlet issued
Exchange 25366 Set-AvailabilityConfig Exchange cmdlet issued
Exchange 25367 Set-AvailabilityReportOutage Exchange cmdlet issued
Exchange 25368 Set-CalendarNotification Exchange cmdlet issued
Exchange 25369 Set-CalendarProcessing Exchange cmdlet issued
Exchange 25370 Set-CASMailbox Exchange cmdlet issued
Exchange 25371 Set-ClientAccessArray Exchange cmdlet issued
Exchange 25372 Set-ClientAccessServer Exchange cmdlet issued
Exchange 25373 Set-CmdletExtensionAgent Exchange cmdlet issued
Exchange 25374 Set-Contact Exchange cmdlet issued
Exchange 25375 Set-ContentFilterConfig Exchange cmdlet issued
Exchange 25376 Set-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25377 Set-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
Exchange 25378 Set-DeliveryAgentConnector Exchange cmdlet issued
Exchange 25379 Set-DetailsTemplate Exchange cmdlet issued
Exchange 25380 Set-DistributionGroup Exchange cmdlet issued
Exchange 25381 Set-DynamicDistributionGroup Exchange cmdlet issued
Exchange 25382 Set-EcpVirtualDirectory Exchange cmdlet issued
Exchange 25383 Set-EdgeSyncServiceConfig Exchange cmdlet issued
Exchange 25384 Set-EmailAddressPolicy Exchange cmdlet issued
Exchange 25385 Set-EventLogLevel Exchange cmdlet issued
Exchange 25386 Set-ExchangeAssistanceConfig Exchange cmdlet issued
Exchange 25387 Set-ExchangeServer Exchange cmdlet issued
Exchange 25388 Set-FederatedOrganizationIdentifier Exchange cmdlet issued
Exchange 25389 Set-FederationTrust Exchange cmdlet issued
Exchange 25390 Set-ForeignConnector Exchange cmdlet issued
Exchange 25391 Set-GlobalAddressList Exchange cmdlet issued
Exchange 25392 Set-Group Exchange cmdlet issued
Exchange 25393 Set-ImapSettings Exchange cmdlet issued
Exchange 25394 Set-InboxRule Exchange cmdlet issued
Exchange 25395 Set-IPAllowListConfig Exchange cmdlet issued
Exchange 25396 Set-IPAllowListProvider Exchange cmdlet issued
Exchange 25397 Set-IPAllowListProvidersConfig Exchange cmdlet issued
Exchange 25398 Set-IPBlockListConfig Exchange cmdlet issued
Exchange 25399 Set-IPBlockListProvider Exchange cmdlet issued
Exchange 25400 Set-IPBlockListProvidersConfig Exchange cmdlet issued
Exchange 25401 Set-IRMConfiguration Exchange cmdlet issued
Exchange 25402 Set-JournalRule Exchange cmdlet issued
Exchange 25403 Set-Mailbox Exchange cmdlet issued
Exchange 25404 Set-MailboxAuditBypassAssociation Exchange cmdlet issued
Exchange 25405 Set-MailboxAutoReplyConfiguration Exchange cmdlet issued
Exchange 25406 Set-MailboxCalendarConfiguration Exchange cmdlet issued
Exchange 25407 Set-MailboxCalendarFolder Exchange cmdlet issued
Exchange 25408 Set-MailboxDatabase Exchange cmdlet issued
Exchange 25409 Set-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25410 Set-MailboxFolderPermission Exchange cmdlet issued
Exchange 25411 Set-MailboxJunkEmailConfiguration Exchange cmdlet issued
Exchange 25412 Set-MailboxMessageConfiguration Exchange cmdlet issued
Exchange 25413 Set-MailboxRegionalConfiguration Exchange cmdlet issued
Exchange 25414 Set-MailboxRestoreRequest Exchange cmdlet issued
Exchange 25415 Set-MailboxServer Exchange cmdlet issued
Exchange 25416 Set-MailboxSpellingConfiguration Exchange cmdlet issued
Exchange 25417 Set-MailContact Exchange cmdlet issued
Exchange 25418 Set-MailPublicFolder Exchange cmdlet issued
Exchange 25419 Set-MailUser Exchange cmdlet issued
Exchange 25420 Set-ManagedContentSettings Exchange cmdlet issued
Exchange 25421 Set-ManagedFolder Exchange cmdlet issued
Exchange 25422 Set-ManagedFolderMailboxPolicy Exchange cmdlet issued
Exchange 25423 Set-ManagementRoleAssignment Exchange cmdlet issued
Exchange 25424 Set-ManagementRoleEntry Exchange cmdlet issued
Exchange 25425 Set-ManagementScope Exchange cmdlet issued
Exchange 25426 Set-MessageClassification Exchange cmdlet issued
Exchange 25427 Set-MoveRequest Exchange cmdlet issued
Exchange 25428 Set-OabVirtualDirectory Exchange cmdlet issued
Exchange 25429 Set-OfflineAddressBook Exchange cmdlet issued
Exchange 25430 Set-OrganizationConfig Exchange cmdlet issued
Exchange 25431 Set-OrganizationRelationship Exchange cmdlet issued
Exchange 25432 Set-OutlookAnywhere Exchange cmdlet issued
Exchange 25433 Set-OutlookProtectionRule Exchange cmdlet issued
Exchange 25434 Set-OutlookProvider Exchange cmdlet issued
Exchange 25435 Set-OwaMailboxPolicy Exchange cmdlet issued
Exchange 25436 Set-OwaVirtualDirectory Exchange cmdlet issued
Exchange 25437 Set-PopSettings Exchange cmdlet issued
Exchange 25438 Set-PowerShellVirtualDirectory Exchange cmdlet issued
Exchange 25439 Set-PublicFolder Exchange cmdlet issued
Exchange 25440 Set-PublicFolderDatabase Exchange cmdlet issued
Exchange 25441 Set-ReceiveConnector Exchange cmdlet issued
Exchange 25442 Set-RecipientFilterConfig Exchange cmdlet issued
Exchange 25443 Set-RemoteDomain Exchange cmdlet issued
Exchange 25444 Set-RemoteMailbox Exchange cmdlet issued
Exchange 25445 Set-ResourceConfig Exchange cmdlet issued
Exchange 25446 Set-RetentionPolicy Exchange cmdlet issued
Exchange 25447 Set-RetentionPolicyTag Exchange cmdlet issued
Exchange 25448 Set-RoleAssignmentPolicy Exchange cmdlet issued
Exchange 25449 Set-RoleGroup Exchange cmdlet issued
Exchange 25450 Set-RoutingGroupConnector Exchange cmdlet issued
Exchange 25451 Set-RpcClientAccess Exchange cmdlet issued
Exchange 25452 Set-SendConnector Exchange cmdlet issued
Exchange 25453 Set-SenderFilterConfig Exchange cmdlet issued
Exchange 25454 Set-SenderIdConfig Exchange cmdlet issued
Exchange 25455 Set-SenderReputationConfig Exchange cmdlet issued
Exchange 25456 Set-SharingPolicy Exchange cmdlet issued
Exchange 25457 Set-SystemMessage Exchange cmdlet issued
Exchange 25458 Set-TextMessagingAccount Exchange cmdlet issued
Exchange 25459 Set-ThrottlingPolicy Exchange cmdlet issued
Exchange 25460 Set-ThrottlingPolicyAssociation Exchange cmdlet issued
Exchange 25461 Set-TransportAgent Exchange cmdlet issued
Exchange 25462 Set-TransportConfig Exchange cmdlet issued
Exchange 25463 Set-TransportRule Exchange cmdlet issued
Exchange 25464 Set-TransportServer Exchange cmdlet issued
Exchange 25465 Set-UMAutoAttendant Exchange cmdlet issued
Exchange 25466 Set-UMDialPlan Exchange cmdlet issued
Exchange 25467 Set-UMIPGateway Exchange cmdlet issued
Exchange 25468 Set-UMMailbox Exchange cmdlet issued
Exchange 25469 Set-UMMailboxPIN Exchange cmdlet issued
Exchange 25470 Set-UMMailboxPolicy Exchange cmdlet issued
Exchange 25471 Set-UmServer Exchange cmdlet issued
Exchange 25472 Set-User Exchange cmdlet issued
Exchange 25473 Set-WebServicesVirtualDirectory Exchange cmdlet issued
Exchange 25474 Set-X400AuthoritativeDomain Exchange cmdlet issued
Exchange 25475 Start-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25476 Start-EdgeSynchronization Exchange cmdlet issued
Exchange 25477 Start-ManagedFolderAssistant Exchange cmdlet issued
Exchange 25478 Start-RetentionAutoTagLearning Exchange cmdlet issued
Exchange 25479 Stop-DatabaseAvailabilityGroup Exchange cmdlet issued
Exchange 25480 Stop-ManagedFolderAssistant Exchange cmdlet issued
Exchange 25481 Suspend-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25482 Suspend-MailboxRestoreRequest Exchange cmdlet issued
Exchange 25483 Suspend-Message Exchange cmdlet issued
Exchange 25484 Suspend-MoveRequest Exchange cmdlet issued
Exchange 25485 Suspend-PublicFolderReplication Exchange cmdlet issued
Exchange 25486 Suspend-Queue Exchange cmdlet issued
Exchange 25487 Test-ActiveSyncConnectivity Exchange cmdlet issued
Exchange 25488 Test-AssistantHealth Exchange cmdlet issued
Exchange 25489 Test-CalendarConnectivity Exchange cmdlet issued
Exchange 25490 Test-EcpConnectivity Exchange cmdlet issued
Exchange 25491 Test-EdgeSynchronization Exchange cmdlet issued
Exchange 25492 Test-ExchangeSearch Exchange cmdlet issued
Exchange 25493 Test-FederationTrust Exchange cmdlet issued
Exchange 25494 Test-FederationTrustCertificate Exchange cmdlet issued
Exchange 25495 Test-ImapConnectivity Exchange cmdlet issued
Exchange 25496 Test-IPAllowListProvider Exchange cmdlet issued
Exchange 25497 Test-IPBlockListProvider Exchange cmdlet issued
Exchange 25498 Test-IRMConfiguration Exchange cmdlet issued
Exchange 25499 Test-Mailflow Exchange cmdlet issued
Exchange 25500 Test-MAPIConnectivity Exchange cmdlet issued
Exchange 25501 Test-MRSHealth Exchange cmdlet issued
Exchange 25502 Test-OrganizationRelationship Exchange cmdlet issued
Exchange 25503 Test-OutlookConnectivity Exchange cmdlet issued
Exchange 25504 Test-OutlookWebServices Exchange cmdlet issued
Exchange 25505 Test-OwaConnectivity Exchange cmdlet issued
Exchange 25506 Test-PopConnectivity Exchange cmdlet issued
Exchange 25507 Test-PowerShellConnectivity Exchange cmdlet issued
Exchange 25508 Test-ReplicationHealth Exchange cmdlet issued
Exchange 25509 Test-SenderId Exchange cmdlet issued
Exchange 25510 Test-ServiceHealth Exchange cmdlet issued
Exchange 25511 Test-SmtpConnectivity Exchange cmdlet issued
Exchange 25512 Test-SystemHealth Exchange cmdlet issued
Exchange 25513 Test-UMConnectivity Exchange cmdlet issued
Exchange 25514 Test-WebServicesConnectivity Exchange cmdlet issued
Exchange 25515 Uninstall-TransportAgent Exchange cmdlet issued
Exchange 25516 Update-AddressList Exchange cmdlet issued
Exchange 25517 Update-DistributionGroupMember Exchange cmdlet issued
Exchange 25518 Update-EmailAddressPolicy Exchange cmdlet issued
Exchange 25519 Update-FileDistributionService Exchange cmdlet issued
Exchange 25520 Update-GlobalAddressList Exchange cmdlet issued
Exchange 25521 Update-MailboxDatabaseCopy Exchange cmdlet issued
Exchange 25522 Update-OfflineAddressBook Exchange cmdlet issued
Exchange 25523 Update-PublicFolder Exchange cmdlet issued
Exchange 25524 Update-PublicFolderHierarchy Exchange cmdlet issued
Exchange 25525 Update-Recipient Exchange cmdlet issued
Exchange 25526 Update-RoleGroupMember Exchange cmdlet issued
Exchange 25527 Update-SafeList Exchange cmdlet issued
Exchange 25528 Write-AdminAuditLog Exchange cmdlet issued
Exchange 25529 Add-GlobalMonitoringOverride Exchange cmdlet issued
Exchange 25530 Add-ResubmitRequest Exchange cmdlet issued
Exchange 25531 Add-ServerMonitoringOverride Exchange cmdlet issued
Exchange 25532 Clear-MobileDevice Exchange cmdlet issued
Exchange 25533 Complete-MigrationBatch Exchange cmdlet issued
Exchange 25534 Disable-App Exchange cmdlet issued
Exchange 25535 Disable-MailboxQuarantine Exchange cmdlet issued
Exchange 25536 Disable-UMCallAnsweringRule Exchange cmdlet issued
Exchange 25537 Disable-UMService Exchange cmdlet issued
Exchange 25538 Dump-ProvisioningCache Exchange cmdlet issued
Exchange 25539 Enable-App Exchange cmdlet issued
Exchange 25540 Enable-MailboxQuarantine Exchange cmdlet issued
Exchange 25541 Enable-UMCallAnsweringRule Exchange cmdlet issued
Exchange 25542 Enable-UMService Exchange cmdlet issued
Exchange 25543 Export-DlpPolicyCollection Exchange cmdlet issued
Exchange 25544 Export-MigrationReport Exchange cmdlet issued
Exchange 25545 Import-DlpPolicyCollection Exchange cmdlet issued
Exchange 25546 Import-DlpPolicyTemplate Exchange cmdlet issued
Exchange 25547 Invoke-MonitoringProbe Exchange cmdlet issued
Exchange 25548 New-AddressBookPolicy Exchange cmdlet issued
Exchange 25549 New-App Exchange cmdlet issued
Exchange 25550 New-AuthServer Exchange cmdlet issued
Exchange 25551 New-ClassificationRuleCollection Exchange cmdlet issued
Exchange 25552 New-DlpPolicy Exchange cmdlet issued
Exchange 25553 New-HybridConfiguration Exchange cmdlet issued
Exchange 25554 New-MailboxExportRequest Exchange cmdlet issued
Exchange 25555 New-MailboxImportRequest Exchange cmdlet issued
Exchange 25556 New-MailboxSearch Exchange cmdlet issued
Exchange 25557 New-MalwareFilterPolicy Exchange cmdlet issued
Exchange 25558 New-MigrationBatch Exchange cmdlet issued
Exchange 25559 New-MigrationEndpoint Exchange cmdlet issued
Exchange 25560 New-MobileDeviceMailboxPolicy Exchange cmdlet issued
Exchange 25561 New-OnPremisesOrganization Exchange cmdlet issued
Exchange 25562 New-PartnerApplication Exchange cmdlet issued
Exchange 25563 New-PolicyTipConfig Exchange cmdlet issued
Exchange 25564 New-PowerShellVirtualDirectory Exchange cmdlet issued
Exchange 25565 New-PublicFolderMigrationRequest Exchange cmdlet issued
Exchange 25566 New-ResourcePolicy Exchange cmdlet issued
Exchange 25567 New-SiteMailboxProvisioningPolicy Exchange cmdlet issued
Exchange 25568 New-SyncMailPublicFolder Exchange cmdlet issued
Exchange 25569 New-UMCallAnsweringRule Exchange cmdlet issued
Exchange 25570 New-WorkloadManagementPolicy Exchange cmdlet issued
Exchange 25571 New-WorkloadPolicy Exchange cmdlet issued
Exchange 25572 Redirect-Message Exchange cmdlet issued
Exchange 25573 Remove-AddressBookPolicy Exchange cmdlet issued
Exchange 25574 Remove-App Exchange cmdlet issued
Exchange 25575 Remove-AuthServer Exchange cmdlet issued
Exchange 25576 Remove-ClassificationRuleCollection Exchange cmdlet issued
Exchange 25577 Remove-DlpPolicy Exchange cmdlet issued
Exchange 25578 Remove-DlpPolicyTemplate Exchange cmdlet issued
Exchange 25579 Remove-GlobalMonitoringOverride Exchange cmdlet issued
Exchange 25580 Remove-HybridConfiguration Exchange cmdlet issued
Exchange 25581 Remove-LinkedUser Exchange cmdlet issued
Exchange 25582 Remove-MailboxExportRequest Exchange cmdlet issued
Exchange 25583 Remove-MailboxImportRequest Exchange cmdlet issued
Exchange 25584 Remove-MailboxSearch Exchange cmdlet issued
Exchange 25585 Remove-MalwareFilterPolicy Exchange cmdlet issued
Exchange 25586 Remove-MalwareFilterRecoveryItem Exchange cmdlet issued
Exchange 25587 Remove-MigrationBatch Exchange cmdlet issued
Exchange 25588 Remove-MigrationEndpoint Exchange cmdlet issued
Exchange 25589 Remove-MigrationUser Exchange cmdlet issued
Exchange 25590 Remove-MobileDevice Exchange cmdlet issued
Exchange 25591 Remove-MobileDeviceMailboxPolicy Exchange cmdlet issued
Exchange 25592 Remove-OnPremisesOrganization Exchange cmdlet issued
Exchange 25593 Remove-PartnerApplication Exchange cmdlet issued
Exchange 25594 Remove-PolicyTipConfig Exchange cmdlet issued
Exchange 25595 Remove-PowerShellVirtualDirectory Exchange cmdlet issued
Exchange 25596 Remove-PublicFolderMigrationRequest Exchange cmdlet issued
Exchange 25597 Remove-ResourcePolicy Exchange cmdlet issued
Exchange 25598 Remove-ResubmitRequest Exchange cmdlet issued
Exchange 25599 Remove-SiteMailboxProvisioningPolicy Exchange cmdlet issued
Exchange 25600 Remove-UMCallAnsweringRule Exchange cmdlet issued
Exchange 25601 Remove-UserPhoto Exchange cmdlet issued
Exchange 25602 Remove-WorkloadManagementPolicy Exchange cmdlet issued
Exchange 25603 Remove-WorkloadPolicy Exchange cmdlet issued
Exchange 25604 Reset-ProvisioningCache Exchange cmdlet issued
Exchange 25605 Resume-MailboxImportRequest Exchange cmdlet issued
Exchange 25606 Resume-MalwareFilterRecoveryItem Exchange cmdlet issued
Exchange 25607 Resume-PublicFolderMigrationRequest Exchange cmdlet issued
Exchange 25608 Set-ActiveSyncDeviceAccessRule Exchange cmdlet issued
Exchange 25609 Set-AddressBookPolicy Exchange cmdlet issued
Exchange 25610 Set-App Exchange cmdlet issued
Exchange 25611 Set-AuthConfig Exchange cmdlet issued
Exchange 25612 Set-AuthServer Exchange cmdlet issued
Exchange 25613 Set-ClassificationRuleCollection Exchange cmdlet issued
Exchange 25614 Set-DlpPolicy Exchange cmdlet issued
Exchange 25615 Set-FrontendTransportService Exchange cmdlet issued
Exchange 25616 Set-HybridConfiguration Exchange cmdlet issued
Exchange 25617 Set-HybridMailflow Exchange cmdlet issued
Exchange 25618 Set-MailboxExportRequest Exchange cmdlet issued
Exchange 25619 Set-MailboxImportRequest Exchange cmdlet issued
Exchange 25620 Set-MailboxSearch Exchange cmdlet issued
Exchange 25621 Set-MailboxTransportService Exchange cmdlet issued
Exchange 25622 Set-MalwareFilteringServer Exchange cmdlet issued
Exchange 25623 Set-MalwareFilterPolicy Exchange cmdlet issued
Exchange 25624 Set-MigrationBatch Exchange cmdlet issued
Exchange 25625 Set-MigrationConfig Exchange cmdlet issued
Exchange 25626 Set-MigrationEndpoint Exchange cmdlet issued
Exchange 25627 Set-MobileDeviceMailboxPolicy Exchange cmdlet issued
Exchange 25628 Set-Notification Exchange cmdlet issued
Exchange 25629 Set-OnPremisesOrganization Exchange cmdlet issued
Exchange 25630 Set-PartnerApplication Exchange cmdlet issued
Exchange 25631 Set-PendingFederatedDomain Exchange cmdlet issued
Exchange 25632 Set-PolicyTipConfig Exchange cmdlet issued
Exchange 25633 Set-PublicFolderMigrationRequest Exchange cmdlet issued
Exchange 25634 Set-ResourcePolicy Exchange cmdlet issued
Exchange 25635 Set-ResubmitRequest Exchange cmdlet issued
Exchange 25636 Set-RMSTemplate Exchange cmdlet issued
Exchange 25637 Set-ServerComponentState Exchange cmdlet issued
Exchange 25638 Set-ServerMonitor Exchange cmdlet issued
Exchange 25639 Set-SiteMailbox Exchange cmdlet issued
Exchange 25640 Set-SiteMailboxProvisioningPolicy Exchange cmdlet issued
Exchange 25641 Set-TransportService Exchange cmdlet issued
Exchange 25642 Set-UMCallAnsweringRule Exchange cmdlet issued
Exchange 25643 Set-UMCallRouterSettings Exchange cmdlet issued
Exchange 25644 Set-UMService Exchange cmdlet issued
Exchange 25645 Set-UserPhoto Exchange cmdlet issued
Exchange 25646 Set-WorkloadPolicy Exchange cmdlet issued
Exchange 25647 Start-MailboxSearch Exchange cmdlet issued
Exchange 25648 Start-MigrationBatch Exchange cmdlet issued
Exchange 25649 Stop-MailboxSearch Exchange cmdlet issued
Exchange 25650 Stop-MigrationBatch Exchange cmdlet issued
Exchange 25651 Suspend-MailboxExportRequest Exchange cmdlet issued
Exchange 25652 Suspend-MailboxImportRequest Exchange cmdlet issued
Exchange 25653 Suspend-PublicFolderMigrationRequest Exchange cmdlet issued
Exchange 25654 Test-ArchiveConnectivity Exchange cmdlet issued
Exchange 25655 Test-MigrationServerAvailability Exchange cmdlet issued
Exchange 25656 Test-OAuthConnectivity Exchange cmdlet issued
Exchange 25657 Test-SiteMailbox Exchange cmdlet issued
Exchange 25658 Update-HybridConfiguration Exchange cmdlet issued
Exchange 25659 Update-PublicFolderMailbox Exchange cmdlet issued
Exchange 25660 Update-SiteMailbox Exchange cmdlet issued
Exchange 25661 Add-AttachmentFilterEntry Exchange cmdlet issued
Exchange 25662 Remove-AttachmentFilterEntry Exchange cmdlet issued
Exchange 25663 New-AddressRewriteEntry Exchange cmdlet issued
Exchange 25664 Remove-AddressRewriteEntry Exchange cmdlet issued
Exchange 25665 Set-AddressRewriteEntry Exchange cmdlet issued
Exchange 25666 Set-AttachmentFilterListConfig Exchange cmdlet issued
Exchange 25667 Set-MailboxSentItemsConfiguration Exchange cmdlet issued
Exchange 25668 Update-MovedMailbox Exchange cmdlet issued
Exchange 25669 Disable-MalwareFilterRule Exchange cmdlet issued
Exchange 25670 Enable-MalwareFilterRule Exchange cmdlet issued
Exchange 25671 New-MalwareFilterRule Exchange cmdlet issued
Exchange 25672 Remove-MalwareFilterRule Exchange cmdlet issued
Exchange 25673 Set-MalwareFilterRule Exchange cmdlet issued
Exchange 25674 Remove-MailboxRepairRequest Exchange cmdlet issued
Exchange 25675 Remove-ServerMonitoringOverride Exchange cmdlet issued
Exchange 25676 Update-ExchangeHelp Exchange cmdlet issued
Exchange 25677 Update-StoreMailboxState Exchange cmdlet issued
Exchange 25678 Disable-PushNotificationProxy Exchange cmdlet issued
Exchange 25679 Enable-PushNotificationProxy Exchange cmdlet issued
Exchange 25680 New-PublicFolderMoveRequest Exchange cmdlet issued
Exchange 25681 Remove-PublicFolderMoveRequest Exchange cmdlet issued
Exchange 25682 Resume-PublicFolderMoveRequest Exchange cmdlet issued
Exchange 25683 Set-PublicFolderMoveRequest Exchange cmdlet issued
Exchange 25684 Suspend-PublicFolderMoveRequest Exchange cmdlet issued
Exchange 25685 Update-DatabaseSchema Exchange cmdlet issued
Exchange 25686 Set-SearchDocumentFormat Exchange cmdlet issued
Exchange 25687 New-AuthRedirect Exchange cmdlet issued
Exchange 25688 New-CompliancePolicySyncNotification Exchange cmdlet issued
Exchange 25689 New-ComplianceServiceVirtualDirectory Exchange cmdlet issued
Exchange 25690 New-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
Exchange 25691 New-DataClassification Exchange cmdlet issued
Exchange 25692 New-Fingerprint Exchange cmdlet issued
Exchange 25693 New-IntraOrganizationConnector Exchange cmdlet issued
Exchange 25694 New-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
Exchange 25695 New-MapiVirtualDirectory Exchange cmdlet issued
Exchange 25696 New-OutlookServiceVirtualDirectory Exchange cmdlet issued
Exchange 25697 New-RestVirtualDirectory Exchange cmdlet issued
Exchange 25698 New-SearchDocumentFormat Exchange cmdlet issued
Exchange 25699 New-SettingOverride Exchange cmdlet issued
Exchange 25700 New-SiteMailbox Exchange cmdlet issued
Exchange 25701 Remove-AuthRedirect Exchange cmdlet issued
Exchange 25702 Remove-CompliancePolicySyncNotification Exchange cmdlet issued
Exchange 25703 Remove-ComplianceServiceVirtualDirectory Exchange cmdlet issued
Exchange 25704 Remove-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
Exchange 25705 Remove-DataClassification Exchange cmdlet issued
Exchange 25706 Remove-IntraOrganizationConnector Exchange cmdlet issued
Exchange 25707 Remove-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
 Exchange 25708 Remove-MapiVirtualDirectory Exchange cmdlet issued
Exchange 25709 Remove-OutlookServiceVirtualDirectory Exchange cmdlet issued
Exchange 25710 Remove-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
Exchange 25711 Remove-PushNotificationSubscription Exchange cmdlet issued
Exchange 25712 Remove-RestVirtualDirectory Exchange cmdlet issued
Exchange 25713 Remove-SearchDocumentFormat Exchange cmdlet issued
Exchange 25714 Remove-SettingOverride Exchange cmdlet issued
Exchange 25715 Remove-SyncMailPublicFolder Exchange cmdlet issued
Exchange 25716 Resume-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
Exchange 25717 Send-MapiSubmitSystemProbe Exchange cmdlet issued
Exchange 25718 Set-AuthRedirect Exchange cmdlet issued
Exchange 25719 Set-ClientAccessService Exchange cmdlet issued
Exchange 25720 Set-Clutter Exchange cmdlet issued
Exchange 25721 Set-ComplianceServiceVirtualDirectory Exchange cmdlet issued
Exchange 25722 Set-ConsumerMailbox Exchange cmdlet issued
Exchange 25723 Set-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
Exchange 25724 Set-DataClassification Exchange cmdlet issued
Exchange 25725 Set-IntraOrganizationConnector Exchange cmdlet issued
Exchange 25726 Set-LogExportVirtualDirectory Exchange cmdlet issued
Exchange 25727 Set-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
Exchange 25728 Set-MapiVirtualDirectory Exchange cmdlet issued
Exchange 25729 Set-OutlookServiceVirtualDirectory Exchange cmdlet issued
Exchange 25730 Set-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
Exchange 25731 Set-RestVirtualDirectory Exchange cmdlet issued
Exchange 25732 Set-SettingOverride Exchange cmdlet issued
Exchange 25733 Set-SmimeConfig Exchange cmdlet issued
Exchange 25734 Set-SubmissionMalwareFilteringServer Exchange cmdlet issued
Exchange 25735 Set-UMMailboxConfiguration Exchange cmdlet issued
Exchange 25736 Set-UnifiedAuditSetting Exchange cmdlet issued
Exchange 25737 Start-AuditAssistant Exchange cmdlet issued
Exchange 25738 Start-UMPhoneSession Exchange cmdlet issued
Exchange 25739 Stop-UMPhoneSession Exchange cmdlet issued
Exchange 25740 Test-DataClassification Exchange cmdlet issued
Exchange 25741 Test-TextExtraction Exchange cmdlet issued
SharePoint 11 Site collection audit policy changed
SharePoint 12 Audit policy changed
SharePoint 13 Document checked in
SharePoint 14 Document checked out
SharePoint 15 Child object deleted
SharePoint 16 Child object moved
SharePoint 17 Object copied
SharePoint 18 Custom event
SharePoint 19 Object deleted
SharePoint 20 SharePoint audit logs deleted
SharePoint 21 Object moved
SharePoint 22 Object profile changed
SharePoint 23 SharePoint object structure changed
SharePoint 24 Search performed
SharePoint 25 SharePoint group created
SharePoint 26 SharePoint group deleted
SharePoint 27 SharePoint group member added
SharePoint 28 SharePoint group member removed
SharePoint 29 Unique permissions created
SharePoint 30 Unique permissions removed
SharePoint 31 Permissions updated
SharePoint 32 Permissions removed
SharePoint 33 Unique permission levels created
SharePoint 34 Permission level created
SharePoint 35 Permission level deleted
SharePoint 36 Permission level modified
SharePoint 37 SharePoint site collection administrator added
SharePoint 38 SharePoint site collection administrator removed
SharePoint 39 Object restored
SharePoint 40 Site collection updated
SharePoint 41 Web updated
SharePoint 42 Document library updated
SharePoint 43 Document updated
SharePoint 44 List updated
SharePoint 45 List item updated
SharePoint 46 Folder updated
SharePoint 47 Document viewed
SharePoint 48 Document library viewed
SharePoint 49 List viewed
SharePoint 50 Object viewed
SharePoint 51 Workflow accessed
SharePoint 52 Information management policy created
SharePoint 53 Information management policy changed
SharePoint 54 Site collection information management policy created
SharePoint 55 Site collection information management policy changed
SharePoint 56 Export of objects started
SharePoint 57 Export of objects completed
SharePoint 58 Import of objects started
SharePoint 59 Import of objects completed
SharePoint 60 Possible tampering warning
SharePoint 61 Retention policy processed
SharePoint 62 Document fragment updated
SharePoint 63 Content type imported
SharePoint 64 Information management policy deleted
SharePoint 65 Item declared as a record
SharePoint 66 Item undeclared as a record
SharePoint 67 Netwrix SharePoint Audit Event
SQL Server 24000 SQL audit event
SQL Server 24001 Login succeeded (action_id LGIS)
SQL Server 24002 Logout succeeded (action_id LGO)
SQL Server 24003 Login failed (action_id LGIF)
SQL Server 24004 Change own password succeeded (action_id PWCS; class_type LX)
SQL Server 24005 Change own password failed (action_id PWCS; class_type LX)
SQL Server 24006 Change password succeeded (action_id PWC class_type LX)
SQL Server 24007 Change password failed (action_id PWC class_type LX)
SQL Server 24008 Reset own password succeeded (action_id PWRS; class_type LX)
SQL Server 24009 Reset own password failed (action_id PWRS; class_type LX)
SQL Server 24010 Reset password succeeded (action_id PWR; class_type LX)
SQL Server 24011 Reset password failed (action_id PWR; class_type LX)
SQL Server 24012 Must change password (action_id PWMC)
SQL Server 24013 Account unlocked (action_id PWU)
SQL Server 24014 Change application role password succeeded (action_id PWC; class_type AR)
SQL Server 24015 Change application role password failed (action_id PWC class_type AR)
SQL Server 24016 Add member to server role succeeded (action_id APRL class_type SG)
SQL Server 24017 Add member to server role failed (action_id APRL class_type SG)
SQL Server 24018 Remove member from server role succeeded (action_id DPRL class_type SG)
SQL Server 24019 Remove member from server role failed (action_id DPRL class_type SG)
SQL Server 24020 Add member to database role succeeded (action_id APRL class_type RL)
SQL Server 24021 Add member to database role failed (action_id APRL class_type RL)
SQL Server 24022 Remove member from database role succeeded (action_id DPRL class_type RL)
SQL Server 24023 Remove member from database role failed (action_id DPRL class_type RL)
SQL Server 24024 Issued database backup command (action_id BA class_type DB)
SQL Server 24025 Issued transaction log backup command (action_id BAL)
SQL Server 24026 Issued database restore command (action_id RS class_type DB)
SQL Server 24027 Issued transaction log restore command (action_id RS class_type DB)
SQL Server 24028 Issued database console command (action_id DBCC)
SQL Server 24029 Issued a bulk administration command (action_id ADBO)
SQL Server 24030 Issued an alter connection command (action_id ALCN)
SQL Server 24031 Issued an alter resources command (action_id ALRS)
SQL Server 24032 Issued an alter server state command (action_id ALSS)
SQL Server 24033 Issued an alter server settings command (action_id ALST)
SQL Server 24034 Issued a view server state command (action_id VSST)
SQL Server 24035 Issued an external access assembly command (action_id XA)
SQL Server 24036 Issued an unsafe assembly command (action_id XU)
SQL Server 24037 Issued an alter resource governor command (action_id ALRS class_type RG)
SQL Server 24038 Issued a database authenticate command (action_id AUTH)
SQL Server 24039 Issued a database checkpoint command (action_id CP)
SQL Server 24040 Issued a database show plan command (action_id SPLN)
SQL Server 24041 Issued a subscribe to query information command (action_id SUQN)
SQL Server 24042 Issued a view database state command (action_id VDST)
SQL Server 24043 Issued a change server audit command (action_id AL class_type A)
SQL Server 24044 Issued a change server audit specification command (action_id AL class_type SA)
SQL Server 24045 Issued a change database audit specification command (action_id AL class_type DA)
SQL Server 24046 Issued a create server audit command (action_id CR class_type A)
SQL Server 24047 Issued a create server audit specification command (action_id CR class_type SA)
SQL Server 24048 Issued a create database audit specification command (action_id CR class_type DA)
SQL Server 24049 Issued a delete server audit command (action_id DR class_type A)
SQL Server 24050 Issued a delete server audit specification command (action_id DR class_type SA)
SQL Server 24051 Issued a delete database audit specification command (action_id DR class_type DA)
SQL Server 24052 Audit failure (action_id AUSF)
SQL Server 24053 Audit session changed (action_id AUSC)
SQL Server 24054 Started SQL server (action_id SVSR)
SQL Server 24055 Paused SQL server (action_id SVPD)
SQL Server 24056 Resumed SQL server (action_id SVCN)
SQL Server 24057 Stopped SQL server (action_id SVSD)
SQL Server 24058 Issued a create server object command (action_id CR; class_type AG, EP, SD, SE, T)
SQL Server 24059 Issued a change server object command (action_id AL; class_type AG, EP, SD, SE, T)
SQL Server 24060 Issued a delete server object command (action_id DR; class_type AG, EP, SD, SE, T)
SQL Server 24061 Issued a create server setting command (action_id CR class_type SR)
SQL Server 24062 Issued a change server setting command (action_id AL class_type SR)
SQL Server 24063 Issued a delete server setting command (action_id DR class_type SR)
SQL Server 24064 Issued a create server cryptographic provider command (action_id CR class_type CP)
SQL Server 24065 Issued a delete server cryptographic provider command (action_id DR class_type CP)
SQL Server 24066 Issued a change server cryptographic provider command (action_id AL class_type CP)
SQL Server 24067 Issued a create server credential command (action_id CR class_type CD)
SQL Server 24068 Issued a delete server credential command (action_id DR class_type CD)
SQL Server 24069 Issued a change server credential command (action_id AL class_type CD)
SQL Server 24070 Issued a change server master key command (action_id AL class_type MK)
SQL Server 24071 Issued a back up server master key command (action_id BA class_type MK)
SQL Server 24072 Issued a restore server master key command (action_id RS class_type MK)
SQL Server 24073 Issued a map server credential to login command (action_id CMLG)
SQL Server 24074 Issued a remove map between server credential and login command (action_id NMLG)
SQL Server 24075 Issued a create server principal command (action_id CR class_type LX, SL)
SQL Server 24076 Issued a delete server principal command (action_id DR class_type LX, SL)
SQL Server 24077 Issued a change server principal credentials command (action_id CCLG)
SQL Server 24078 Issued a disable server principal command (action_id LGDA)
SQL Server 24079 Issued a change server principal default database command (action_id LGDB)
SQL Server 24080 Issued an enable server principal command (action_id LGEA)
SQL Server 24081 Issued a change server principal default language command (action_id LGLG)
SQL Server 24082 Issued a change server principal password expiration command (action_id PWEX)
SQL Server 24083 Issued a change server principal password policy command (action_id PWPL)
SQL Server 24084 Issued a change server principal name command (action_id LGNM)
SQL Server 24085 Issued a create database command (action_id CR class_type DB)
SQL Server 24086 Issued a change database command (action_id AL class_type DB)
SQL Server 24087 Issued a delete database command (action_id DR class_type DB)
SQL Server 24088 Issued a create certificate command (action_id CR class_type CR)
SQL Server 24089 Issued a change certificate command (action_id AL class_type CR)
SQL Server 24090 Issued a delete certificate command (action_id DR class_type CR)
SQL Server 24091 Issued a back up certificate command (action_id BA class_type CR)
SQL Server 24092 Issued an access certificate command (action_id AS class_type CR)
SQL Server 24093 Issued a create asymmetric key command (action_id CR class_type AK)
SQL Server 24094 Issued a change asymmetric key command (action_id AL class_type AK)
SQL Server 24095 Issued a delete asymmetric key command (action_id DR class_type AK)
SQL Server 24096 Issued an access asymmetric key command (action_id AS class_type AK)
SQL Server 24097 Issued a create database master key command (action_id CR class_type MK)
SQL Server 24098 Issued a change database master key command (action_id AL class_type MK)
SQL Server 24099 Issued a delete database master key command (action_id DR class_type MK)
SQL Server 24100 Issued a back up database master key command (action_id BA class_type MK)
SQL Server 24101 Issued a restore database master key command (action_id RS class_type MK)
SQL Server 24102 Issued an open database master key command (action_id OP class_type MK)
SQL Server 24103 Issued a create database symmetric key command (action_id CR class_type SK)
SQL Server 24104 Issued a change database symmetric key command (action_id AL class_type SK)
SQL Server 24105 Issued a delete database symmetric key command (action_id DR class_type SK)
SQL Server 24106 Issued a back up database symmetric key command (action_id BA class_type SK)
SQL Server 24107 Issued an open database symmetric key command (action_id OP class_type SK)
SQL Server 24108 Issued a create database object command (action_id CR)
SQL Server 24109 Issued a change database object command (action_id AL)
SQL Server 24110 Issued a delete database object command (action_id DR)
SQL Server 24111 Issued an access database object command (action_id AS)
SQL Server 24112 Issued a create assembly command (action_id CR class_type AS)
SQL Server 24113 Issued a change assembly command (action_id AL class_type AS)
SQL Server 24114 Issued a delete assembly command (action_id DR class_type AS)
SQL Server 24115 Issued a create schema command (action_id CR class_type SC)
SQL Server 24116 Issued a change schema command (action_id AL class_type SC)
SQL Server 24117 Issued a delete schema command (action_id DR class_type SC)
SQL Server 24118 Issued a create database encryption key command (action_id CR class_type DK)
SQL Server 24119 Issued a change database encryption key command (action_id AL class_type DK)
SQL Server 24120 Issued a delete database encryption key command (action_id DR class_type DK)
SQL Server 24121 Issued a create database user command (action_id CR; class_type US)
SQL Server 24122 Issued a change database user command (action_id AL; class_type US)
SQL Server 24123 Issued a delete database user command (action_id DR; class_type US)
SQL Server 24124 Issued a create database role command (action_id CR class_type RL)
SQL Server 24125 Issued a change database role command (action_id AL class_type RL)
SQL Server 24126 Issued a delete database role command (action_id DR class_type RL)
SQL Server 24127 Issued a create application role command (action_id CR class_type AR)
SQL Server 24128 Issued a change application role command (action_id AL class_type AR)
SQL Server 24129 Issued a delete application role command (action_id DR class_type AR)
SQL Server 24130 Issued a change database user login command (action_id USAF)
SQL Server 24131 Issued an auto-change database user login command (action_id USLG)
SQL Server 24132 Issued a create schema object command (action_id CR class_type D)
SQL Server 24133 Issued a change schema object command (action_id AL class_type D)
SQL Server 24134 Issued a delete schema object command (action_id DR class_type D)
SQL Server 24135 Issued a transfer schema object command (action_id TRO class_type D)
SQL Server 24136 Issued a create schema type command (action_id CR class_type TY)
SQL Server 24137 Issued a change schema type command (action_id AL class_type TY)
SQL Server 24138 Issued a delete schema type command (action_id DR class_type TY)
SQL Server 24139 Issued a transfer schema type command (action_id TRO class_type TY)
SQL Server 24140 Issued a create XML schema collection command (action_id CR class_type SX)
SQL Server 24141 Issued a change XML schema collection command (action_id AL class_type SX)
SQL Server 24142 Issued a delete XML schema collection command (action_id DR class_type SX)
SQL Server 24143 Issued a transfer XML schema collection command (action_id TRO class_type SX)
SQL Server 24144 Issued an impersonate within server scope command (action_id IMP; class_type LX)
SQL Server 24145 Issued an impersonate within database scope command (action_id IMP; class_type US)
SQL Server 24146 Issued a change server object owner command (action_id TO class_type SG)
SQL Server 24147 Issued a change database owner command (action_id TO class_type DB)
SQL Server 24148 Issued a change schema owner command (action_id TO class_type SC)
SQL Server 24150 Issued a change role owner command (action_id TO class_type RL)
SQL Server 24151 Issued a change database object owner command (action_id TO)
SQL Server 24152 Issued a change symmetric key owner command (action_id TO class_type SK)
SQL Server 24153 Issued a change certificate owner command (action_id TO class_type CR)
SQL Server 24154 Issued a change asymmetric key owner command (action_id TO class_type AK)
SQL Server 24155 Issued a change schema object owner command (action_id TO class_type OB)
SQL Server 24156 Issued a change schema type owner command (action_id TO class_type TY)
SQL Server 24157 Issued a change XML schema collection owner command (action_id TO class_type SX)
SQL Server 24158 Grant server permissions succeeded (action_id G class_type SR)
SQL Server 24159 Grant server permissions failed (action_id G class_type SR)
SQL Server 24160 Grant server permissions with grant succeeded (action_id GWG class_type SR)
SQL Server 24161 Grant server permissions with grant failed (action_id GWG class_type SR)
SQL Server 24162 Deny server permissions succeeded (action_id D class_type SR)
SQL Server 24163 Deny server permissions failed (action_id D class_type SR)
SQL Server 24164 Deny server permissions with cascade succeeded (action_id DWC class_type SR)
SQL Server 24165 Deny server permissions with cascade failed (action_id DWC class_type SR)
SQL Server 24166 Revoke server permissions succeeded (action_id R class_type SR)
SQL Server 24167 Revoke server permissions failed (action_id R class_type SR)
SQL Server 24168 Revoke server permissions with grant succeeded (action_id RWG class_type SR)
SQL Server 24169 Revoke server permissions with grant failed (action_id RWG class_type SR)
SQL Server 24170 Revoke server permissions with cascade succeeded (action_id RWC class_type SR)
SQL Server 24171 Revoke server permissions with cascade failed (action_id RWC class_type SR)
SQL Server 24172 Issued grant server object permissions command (action_id G; class_type LX)
SQL Server 24173 Issued grant server object permissions with grant command (action_id GWG; class_type L
SQL Server 24174 Issued deny server object permissions command (action_id D; class_type LX)
SQL Server 24175 Issued deny server object permissions with cascade command (action_id DWC; class_typ
SQL Server 24176 Issued revoke server object permissions command (action_id R; class_type LX)
SQL Server 24177 Issued revoke server object permissions with grant command (action_id; RWG class_type
SQL Server 24178 Issued revoke server object permissions with cascade command (action_id RWC; class_ty
SQL Server 24179 Grant database permissions succeeded (action_id G class_type DB)
SQL Server 24180 Grant database permissions failed (action_id G class_type DB)
SQL Server 24181 Grant database permissions with grant succeeded (action_id GWG class_type DB)
SQL Server 24182 Grant database permissions with grant failed (action_id GWG class_type DB)
SQL Server 24183 Deny database permissions succeeded (action_id D class_type DB)
SQL Server 24184 Deny database permissions failed (action_id D class_type DB)
SQL Server 24185 Deny database permissions with cascade succeeded (action_id DWC class_type DB)
SQL Server 24186 Deny database permissions with cascade failed (action_id DWC class_type DB)
SQL Server 24187 Revoke database permissions succeeded (action_id R class_type DB)
SQL Server 24188 Revoke database permissions failed (action_id R class_type DB)
SQL Server 24189 Revoke database permissions with grant succeeded (action_id RWG class_type DB)
SQL Server 24190 Revoke database permissions with grant failed (action_id RWG class_type DB)
SQL Server 24191 Revoke database permissions with cascade succeeded (action_id RWC class_type DB)
SQL Server 24192 Revoke database permissions with cascade failed (action_id RWC class_type DB)
SQL Server 24193 Issued grant database object permissions command (action_id G class_type US)
SQL Server 24194 Issued grant database object permissions with grant command (action_id GWG; class_typ
SQL Server 24195 Issued deny database object permissions command (action_id D; class_type US)
SQL Server 24196 Issued deny database object permissions with cascade command (action_id DWC; class_t
SQL Server 24197 Issued revoke database object permissions command (action_id R; class_type US)
SQL Server 24198 Issued revoke database object permissions with grant command (action_id RWG; class_ty
SQL Server 24199 Issued revoke database object permissions with cascade command (action_id RWC; class
SQL Server 24200 Issued grant schema permissions command (action_id G class_type SC)
SQL Server 24201 Issued grant schema permissions with grant command (action_id GWG class_type SC)
SQL Server 24202 Issued deny schema permissions command (action_id D class_type SC)
SQL Server 24203 Issued deny schema permissions with cascade command (action_id DWC class_type SC)
SQL Server 24204 Issued revoke schema permissions command (action_id R class_type SC)
SQL Server 24205 Issued revoke schema permissions with grant command (action_id RWG class_type SC)
SQL Server 24206 Issued revoke schema permissions with cascade command (action_id RWC class_type SC
SQL Server 24207 Issued grant assembly permissions command (action_id G class_type AS)
SQL Server 24208 Issued grant assembly permissions with grant command (action_id GWG class_type AS)
SQL Server 24209 Issued deny assembly permissions command (action_id D class_type AS)
SQL Server 24210 Issued deny assembly permissions with cascade command (action_id DWC class_type AS)
SQL Server 24211 Issued revoke assembly permissions command (action_id R class_type AS)
SQL Server 24212 Issued revoke assembly permissions with grant command (action_id RWG class_type AS)
SQL Server 24213 Issued revoke assembly permissions with cascade command (action_id RWC class_type A
SQL Server 24214 Issued grant database role permissions command (action_id G class_type RL)
SQL Server 24215 Issued grant database role permissions with grant command (action_id GWG class_type R
SQL Server 24216 Issued deny database role permissions command (action_id D class_type RL)
SQL Server 24217 Issued deny database role permissions with cascade command (action_id DWC class_typ
SQL Server 24218 Issued revoke database role permissions command (action_id R class_type RL)
SQL Server 24219 Issued revoke database role permissions with grant command (action_id RWG class_type
SQL Server 24220 Issued revoke database role permissions with cascade command (action_id RWC class_ty
SQL Server 24221 Issued grant application role permissions command (action_id G class_type AR)
SQL Server 24222 Issued grant application role permissions with grant command (action_id GWG class_type
SQL Server 24223 Issued deny application role permissions command (action_id D class_type AR)
SQL Server 24224 Issued deny application role permissions with cascade command (action_id DWC class_ty
SQL Server 24225 Issued revoke application role permissions command (action_id R class_type AR)
SQL Server 24226 Issued revoke application role permissions with grant command (action_id RWG class_typ
SQL Server 24227 Issued revoke application role permissions with cascade command (action_id RWC class_
SQL Server 24228 Issued grant symmetric key permissions command (action_id G class_type SK)
SQL Server 24229 Issued grant symmetric key permissions with grant command (action_id GWG class_type
SQL Server 24230 Issued deny symmetric key permissions command (action_id D class_type SK)
SQL Server 24231 Issued deny symmetric key permissions with cascade command (action_id DWC class_typ
SQL Server 24232 Issued revoke symmetric key permissions command (action_id R class_type SK)
SQL Server 24233 Issued revoke symmetric key permissions with grant command (action_id RWG class_typ
SQL Server 24234 Issued revoke symmetric key permissions with cascade command (action_id RWC class_t
SQL Server 24235 Issued grant certificate permissions command (action_id G class_type CR)
SQL Server 24236 Issued grant certificate permissions with grant command (action_id GWG class_type CR)
SQL Server 24237 Issued deny certificate permissions command (action_id D class_type CR)
SQL Server 24238 Issued deny certificate permissions with cascade command (action_id DWC class_type CR
SQL Server 24239 Issued revoke certificate permissions command (action_id R class_type CR)
SQL Server 24240 Issued revoke certificate permissions with grant command (action_id RWG class_type CR
SQL Server 24241 Issued revoke certificate permissions with cascade command (action_id RWC class_type C
SQL Server 24242 Issued grant asymmetric key permissions command (action_id G class_type AK)
SQL Server 24243 Issued grant asymmetric key permissions with grant command (action_id GWG class_typ
SQL Server 24244 Issued deny asymmetric key permissions command (action_id D class_type AK)
SQL Server 24245 Issued deny asymmetric key permissions with cascade command (action_id DWC class_ty
SQL Server 24246 Issued revoke asymmetric key permissions command (action_id R class_type AK)
SQL Server 24247 Issued revoke asymmetric key permissions with grant command (action_id RWG class_ty
SQL Server 24248 Issued revoke asymmetric key permissions with cascade command (action_id RWC class_
SQL Server 24249 Issued grant schema object permissions command (action_id G class_type OB)
SQL Server 24250 Issued grant schema object permissions with grant command (action_id GWG class_type
SQL Server 24251 Issued deny schema object permissions command (action_id D class_type OB)
SQL Server 24252 Issued deny schema object permissions with cascade command (action_id DWC class_typ
SQL Server 24253 Issued revoke schema object permissions command (action_id R class_type OB)
SQL Server 24254 Issued revoke schema object permissions with grant command (action_id RWG class_typ
SQL Server 24255 Issued revoke schema object permissions with cascade command (action_id RWC class_t
SQL Server 24256 Issued grant schema type permissions command (action_id G class_type TY)
SQL Server 24257 Issued grant schema type permissions with grant command (action_id GWG class_type T
SQL Server 24258 Issued deny schema type permissions command (action_id D class_type TY)
SQL Server 24259 Issued deny schema type permissions with cascade command (action_id DWC class_type
SQL Server 24260 Issued revoke schema type permissions command (action_id R class_type TY)
SQL Server 24261 Issued revoke schema type permissions with grant command (action_id RWG class_type
SQL Server 24262 Issued revoke schema type permissions with cascade command (action_id RWC class_typ
SQL Server 24263 Issued grant XML schema collection permissions command (action_id G class_type SX)
SQL Server 24264 Issued grant XML schema collection permissions with grant command (action_id GWG cla
SQL Server 24265 Issued deny XML schema collection permissions command (action_id D class_type SX)
SQL Server 24266 Issued deny XML schema collection permissions with cascade command (action_id DWC
SQL Server 24267 Issued revoke XML schema collection permissions command (action_id R class_type SX)
SQL Server 24268 Issued revoke XML schema collection permissions with grant command (action_id RWG c
SQL Server 24269 Issued revoke XML schema collection permissions with cascade command (action_id RWC
SQL Server 24270 Issued reference database object permissions command (action_id RF)
SQL Server 24271 Issued send service request command (action_id SN)
SQL Server 24272 Issued check permissions with schema command (action_id VWCT)
SQL Server 24273 Issued use service broker transport security command (action_id LGB)
SQL Server 24274 Issued use database mirroring transport security command (action_id LGM)
SQL Server 24275 Issued alter trace command (action_id ALTR)
SQL Server 24276 Issued start trace command (action_id TASA)
SQL Server 24277 Issued stop trace command (action_id TASP)
SQL Server 24278 Issued enable trace C2 audit mode command (action_id C2ON)
SQL Server 24279 Issued disable trace C2 audit mode command (action_id C2OF)
SQL Server 24280 Issued server full-text command (action_id FT)
SQL Server 24281 Issued select command (action_id SL)
SQL Server 24282 Issued update command (action_id UP)
SQL Server 24283 Issued insert command (action_id IN)
SQL Server 24284 Issued delete command (action_id DL)
SQL Server 24285 Issued execute command (action_id EX)
SQL Server 24286 Issued receive command (action_id RC)
SQL Server 24287 Issued check references command (action_id RF)
SQL Server 24288 Issued a create user-defined server role command (action_id CR class_type SG
SQL Server 24289 Issued a change user-defined server role command (action_id AL class_type SG)
SQL Server 24290 Issued a delete user-defined server role command (action_id DR class_type SG)
SQL Server 24291 Issued grant user-defined server role permissions command (action_id G class_type SG)
SQL Server 24292 Issued grant user-defined server role permissions with grant command (action_id GWG c
SQL Server 24293 Issued deny user-defined server role permissions command (action_id D class_type SG)
SQL Server 24294 Issued deny user-defined server role permissions with cascade command (action_id DWC
SQL Server 24295 Issued revoke user-defined server role permissions command (action_id R class_type SG)
SQL Server 24296 Issued revoke user-defined server role permissions with grant command (action_id RWG
SQL Server 24297 Issued revoke user-defined server role permissions with cascade command (action_id RW
SQL Server 24298 Database login succeeded (action_id DBAS)
SQL Server 24299 Database login failed (action_id DBAF)
SQL Server 24300 Database logout successful (action_id DAGL)
SQL Server 24301 Change password succeeded (action_id PWC; class_type US)
SQL Server 24302 Change password failed (action_id PWC; class_type US)
SQL Server 24303 Change own password succeeded (action_id PWCS; class_type US)
SQL Server 24304 Change own password failed (action_id PWCS; class_type US)
SQL Server 24305 Reset own password succeeded (action_id PWRS; class_type US)
SQL Server 24306 Reset own password failed (action_id PWRS; class_type US)
SQL Server 24307 Reset password succeeded (action_id PWR; class_type US)
SQL Server 24308 Reset password failed (action_id PWR; class_type US)
SQL Server 24309 Copy password (action_id USTC)
SQL Server 24310 User-defined SQL audit event (action_id UDAU)
SQL Server 24311 Issued a change database audit command (action_id AL class_type DU)
SQL Server 24312 Issued a create database audit command (action_id CR class_type DU)
SQL Server 24313 Issued a delete database audit command (action_id DR class_type DU)
SQL Server 24314 Issued a begin transaction command (action_id TXBG)
SQL Server 24315 Issued a commit transaction command (action_id TXCM)
SQL Server 24316 Issued a rollback transaction command (action_id TXRB)
SQL Server 24317 Issued a create column master key command (action_id CR; class_type CM)
SQL Server 24318 Issued a delete column master key command (action_id DR; class_type CM)
SQL Server 24319 A column master key was viewed (action_id VW; class_type CM)
SQL Server 24320 Issued a create column encryption key command (action_id CR; class_type CK)
SQL Server 24321 Issued a change column encryption key command (action_id AL; class_type CK)
SQL Server 24322 Issued a delete column encryption key command (action_id DR; class_type CK)
SQL Server 24323 A column encryption key was viewed (action_id VW; class_type CK)
SQL Server 24324 Issued a create database credential command (action_id CR; class_type DC)
SQL Server 24325 Issued a change database credential command (action_id AL; class_type DC)
SQL Server 24326 Issued a delete database credential command (action_id DR; class_type DC)
SQL Server 24327 Issued a change database scoped configuration command (action_id AL; class_type DS)
SQL Server 24328 Issued a create external data source command (action_id CR; class_type ED)
SQL Server 24329 Issued a change external data source command (action_id AL; class_type ED)
SQL Server 24330 Issued a delete external data source command (action_id DR; class_type ED)
SQL Server 24331 Issued a create external file format command (action_id CR; class_type EF)
SQL Server 24332 Issued a delete external file format command (action_id DR; class_type EF)
SQL Server 24333 Issued a create external resource pool command (action_id CR; class_type ER)
SQL Server 24334 Issued a change external resource pool command (action_id AL; class_type ER)
SQL Server 24335 Issued a delete external resource pool command (action_id DR; class_type ER)
SQL Server 24337 Global transaction login (action_id LGG)
SQL Server 24338 Grant permissions on a database scoped credential succeeded (action_id G; class_type D
SQL Server 24339 Grant permissions on a database scoped credential failed (action_id G; class_type DC)
SQL Server 24340 Grant permissions on a database scoped credential with grant succeeded (action_id GWG
SQL Server 24341 Grant permissions on a database scoped credential with grant failed (action_id GWG; clas
SQL Server 24342 Deny permissions on a database scoped credential succeeded (action_id D; class_type DC
SQL Server 24343 Deny permissions on a database scoped credential failed (action_id D; class_type DC)
SQL Server 24344 Deny permissions on a database scoped credential with cascade succeeded (action_id DW
SQL Server 24345 Deny permissions on a database scoped credential with cascade failed (action_id DWC; c
SQL Server 24346 Revoke permissions on a database scoped credential succeeded (action_id R; class_type D
SQL Server 24347 Revoke permissions on a database scoped credential failed (action_id R; class_type DC)
SQL Server 24348 Revoke permissions with cascade on a database scoped credential succeeded (action_id R
SQL Server 24349 Issued a change assembly owner command (action_id TO class_type AS)
SQL Server 24350 Revoke permissions with cascade on a database scoped credential failed (action_id RWC;
SQL Server 24351 Revoke permissions with grant on a database scoped credential succeeded (action_id RW
SQL Server 24352 Revoke permissions with grant on a database scoped credential failed (action_id RWG; cl
SQL Server 24353 Issued a change database scoped credential owner command (action_id TO; class_type D
SQL Server 24354 Issued a create external library command (action_id CR; class_type EL)
SQL Server 24355 Issued a change external library command (action_id AL; class_type EL)
SQL Server 24356 Issued a drop external library command (action_id DR; class_type EL)
SQL Server 24357 Grant permissions on an external library succeeded (action_id G; class_type EL)
SQL Server 24358 Grant permissions on an external library failed (action_id G; class_type EL)
SQL Server 24359 Grant permissions on an external library with grant succeeded (action_id GWG; class_typ
SQL Server 24360 Grant permissions on an external library with grant failed (action_id GWG; class_type EL)
SQL Server 24361 Deny permissions on an external library succeeded (action_id D; class_type EL)
SQL Server 24362 Deny permissions on an external library failed (action_id D; class_type EL)
SQL Server 24363 Deny permissions on an external library with cascade succeeded (action_id DWC; class_ty
SQL Server 24364 Deny permissions on an external library with cascade failed (action_id DWC; class_type E
SQL Server 24365 Revoke permissions on an external library succeeded (action_id R; class_type EL)
SQL Server 24366 Revoke permissions on an external library failed (action_id R; class_type EL)
SQL Server 24367 Revoke permissions with cascade on an external library succeeded (action_id RWC; class_
SQL Server 24368 Revoke permissions with cascade on an external library failed (action_id RWC; class_type
SQL Server 24369 Revoke permissions with grant on an external library succeeded (action_id RWG; class_ty
SQL Server 24370 Revoke permissions with grant on an external library failed (action_id RWG; class_type EL
SQL Server 24371 Issued a create database scoped resource governor command (action_id CR; class_type D
SQL Server 24372 Issued a change database scoped resource governor command (action_id AL; class_type
SQL Server 24373 Issued a drop database scoped resource governor command (action_id DR; class_type DR
SQL Server 24374 Issued a database bulk administration command (action_id DABO; class_type DB)
SQL Server 24375 Command to change permission failed (action_id D, DWC, G, GWG, R, RWC, RWG; class_t
Sysmon 1 Process creation
Sysmon 2 A process changed a file creation time
Sysmon 3 Network connection
Sysmon 4 Sysmon service state changed
Sysmon 5 Process terminated
Sysmon 6 Driver loaded
Sysmon 7 Image loaded
Sysmon 8 CreateRemoteThread
Sysmon 9 RawAccessRead
Sysmon 10 ProcessAccess
Sysmon 11 FileCreate
Sysmon 12 RegistryEvent (Object create and delete)
Sysmon 13 RegistryEvent (Value Set)
Sysmon 14 RegistryEvent (Key and Value Rename)
Sysmon 15 FileCreateStreamHash
Sysmon 16 Sysmon config state changed
Sysmon 17 Pipe created
Sysmon 18 Pipe connected
Sysmon 19 WmiEventFilter activity detected
Sysmon 20 WmiEventConsumer activity detected
Sysmon 21 WmiEventConsumerToFilter activity detected
Sysmon 22 DNSEvent
Sysmon 23 FileDelete
Sysmon 24 ClipboardChange
Sysmon 225 Error
Windows 512 Windows NT is starting up
Windows 513 Windows is shutting down
Windows 514 An authentication package has been loaded by the Local Security Authority
Windows 515 A trusted logon process has registered with the Local Security Authority
Windows 516 Internal resources allocated for the queuing of audit messages have been exhausted, lead
Windows 517 The audit log was cleared
Windows 518 A notification package has been loaded by the Security Account Manager
Windows 519 A process is using an invalid local procedure call (LPC) port
Windows 520 The system time was changed
Windows 521 Unable to log events to security log
Windows 528 Successful Logon
Windows 529 Logon Failure - Unknown user name or bad password
Windows 530 Logon Failure - Account logon time restriction violation
Windows 531 Logon Failure - Account currently disabled
Windows 532 Logon Failure - The specified user account has expired
Windows 533 Logon Failure - User not allowed to logon at this computer
Windows 534 Logon Failure - The user has not been granted the requested logon type at this machine
Windows 535 Logon Failure - The specified account's password has expired
Windows 536 Logon Failure - The NetLogon component is not active
Windows 537 Logon failure - The logon attempt failed for other reasons.
Windows 538 User Logoff
Windows 539 Logon Failure - Account locked out
Windows 540 Successful Network Logon
Windows 551 User initiated logoff
Windows 552 Logon attempt using explicit credentials
Windows 560 Object Open
Windows 561 Handle Allocated
Windows 562 Handle Closed
Windows 563 Object Open for Delete
Windows 564 Object Deleted
Windows 565 Object Open (Active Directory)
Windows 566 Object Operation (W3 Active Directory)
Windows 567 Object Access Attempt
Windows 576 Special privileges assigned to new logon
Windows 577 Privileged Service Called
Windows 578 Privileged object operation
Windows 592 A new process has been created
Windows 593 A process has exited
Windows 594 A handle to an object has been duplicated
Windows 595 Indirect access to an object has been obtained
Windows 596 Backup of data protection master key
Windows 600 A process was assigned a primary token
Windows 601 Attempt to install service
Windows 602 Scheduled Task created
Windows 608 User Right Assigned
Windows 609 User Right Removed
Windows 610 New Trusted Domain
Windows 611 Removing Trusted Domain
Windows 612 Audit Policy Change
Windows 613 IPSec policy agent started
Windows 614 IPSec policy agent disabled
Windows 615 IPSEC PolicyAgent Service
Windows 616 IPSec policy agent encountered a potentially serious failure.
Windows 617 Kerberos Policy Changed
Windows 618 Encrypted Data Recovery Policy Changed
Windows 619 Quality of Service Policy Changed
Windows 620 Trusted Domain Information Modified
Windows 621 System Security Access Granted
Windows 622 System Security Access Removed
Windows 623 Per User Audit Policy was refreshed
Windows 624 User Account Created
Windows 625 User Account Type Changed
Windows 626 User Account Enabled
Windows 627 Change Password Attempt
Windows 628 User Account password set
Windows 629 User Account Disabled
Windows 630 User Account Deleted
Windows 631 Security Enabled Global Group Created
Windows 632 Security Enabled Global Group Member Added
Windows 633 Security Enabled Global Group Member Removed
Windows 634 Security Enabled Global Group Deleted
Windows 635 Security Enabled Local Group Created
Windows 636 Security Enabled Local Group Member Added
Windows 637 Security Enabled Local Group Member Removed
Windows 638 Security Enabled Local Group Deleted
Windows 639 Security Enabled Local Group Changed
Windows 640 General Account Database Change
Windows 641 Security Enabled Global Group Changed
Windows 642 User Account Changed
Windows 643 Domain Policy Changed
Windows 644 User Account Locked Out
Windows 645 Computer Account Created
Windows 646 Computer Account Changed
Windows 647 Computer Account Deleted
Windows 648 Security Disabled Local Group Created
Windows 649 Security Disabled Local Group Changed
Windows 650 Security Disabled Local Group Member Added
Windows 651 Security Disabled Local Group Member Removed
Windows 652 Security Disabled Local Group Deleted
Windows 653 Security Disabled Global Group Created
Windows 654 Security Disabled Global Group Changed
Windows 655 Security Disabled Global Group Member Added
Windows 656 Security Disabled Global Group Member Removed
Windows 657 Security Disabled Global Group Deleted
Windows 658 Security Enabled Universal Group Created
Windows 659 Security Enabled Universal Group Changed
Windows 660 Security Enabled Universal Group Member Added
Windows 661 Security Enabled Universal Group Member Removed
Windows 662 Security Enabled Universal Group Deleted
Windows 663 Security Disabled Universal Group Created
Windows 664 Security Disabled Universal Group Changed
Windows 665 Security Disabled Universal Group Member Added
Windows 666 Security Disabled Universal Group Member Removed
Windows 667 Security Disabled Universal Group Deleted
Windows 668 Group Type Changed
Windows 669 Add SID History
Windows 670 Add SID History
Windows 671 User Account Unlocked
Windows 672 Authentication Ticket Granted
Windows 673 Service Ticket Granted
Windows 674 Ticket Granted Renewed
Windows 675 Pre-authentication failed
Windows 676 Authentication Ticket Request Failed
Windows 677 Service Ticket Request Failed
Windows 678 Account Mapped for Logon by
Windows 679 The name: %2 could not be mapped for logon by: %1
Windows 680 Account Used for Logon by
Windows 681 The logon to account: %2 by: %1 from workstation: %3 failed.
Windows 682 Session reconnected to winstation
Windows 683 Session disconnected from winstation
Windows 684 Set ACLs of members in administrators groups
Windows 685 Account Name Changed
Windows 686 Password of the following user accessed
Windows 687 Basic Application Group Created
Windows 688 Basic Application Group Changed
Windows 689 Basic Application Group Member Added
Windows 690 Basic Application Group Member Removed
Windows 691 Basic Application Group Non-Member Added
Windows 692 Basic Application Group Non-Member Removed
Windows 693 Basic Application Group Deleted
Windows 694 LDAP Query Group Created
Windows 695 LDAP Query Group Changed
Windows 696 LDAP Query Group Deleted
Windows 697 Password Policy Checking API is called
Windows 806 Per User Audit Policy was refreshed
Windows 807 Per user auditing policy set for user
Windows 808 A security event source has attempted to register
Windows 809 A security event source has attempted to unregister
Windows 848 The following policy was active when the Windows Firewall started
Windows 849 An application was listed as an exception when the Windows Firewall started
Windows 850 A port was listed as an exception when the Windows Firewall started
Windows 851 A change has been made to the Windows Firewall application exception list
Windows 852 A change has been made to the Windows Firewall port exception list
Windows 853 The Windows Firewall operational mode has changed
Windows 854 The Windows Firewall logging settings have changed
Windows 855 A Windows Firewall ICMP setting has changed
Windows 856 The Windows Firewall setting to allow unicast responses to multicast/broadcast traffic ha
Windows 857 The Windows Firewall setting to allow remote administration, allowing port TCP 135 and
Windows 858 Windows Firewall group policy settings have been applied
Windows 859 The Windows Firewall group policy settings have been removed
Windows 860 The Windows Firewall has switched the active policy profile
Windows 861 The Windows Firewall has detected an application listening for incoming traffic
Windows 1100 The event logging service has shut down
Windows 1101 Audit events have been dropped by the transport.
Windows 1102 The audit log was cleared
Windows 1104 The security Log is now full
Windows 1105 Event log automatic backup
Windows 1108 The event logging service encountered an error
Windows 4608 Windows is starting up
Windows 4609 Windows is shutting down
Windows 4610 An authentication package has been loaded by the Local Security Authority
Windows 4611 A trusted logon process has been registered with the Local Security Authority
Windows 4612 Internal resources allocated for the queuing of audit messages have been exhausted, lead
Windows 4614 A notification package has been loaded by the Security Account Manager.
Windows 4615 Invalid use of LPC port
Windows 4616 The system time was changed.
Windows 4618 A monitored security event pattern has occurred
Windows 4621 Administrator recovered system from CrashOnAuditFail
Windows 4622 A security package has been loaded by the Local Security Authority.
Windows 4624 An account was successfully logged on
Windows 4625 An account failed to log on
Windows 4626 User/Device claims information
Windows 4627 Group membership information.
Windows 4634 An account was logged off
Windows 4646 IKE DoS-prevention mode started
Windows 4647 User initiated logoff
Windows 4648 A logon was attempted using explicit credentials
Windows 4649 A replay attack was detected
Windows 4650 An IPsec Main Mode security association was established
Windows 4651 An IPsec Main Mode security association was established
Windows 4652 An IPsec Main Mode negotiation failed
Windows 4653 An IPsec Main Mode negotiation failed
Windows 4654 An IPsec Quick Mode negotiation failed
Windows 4655 An IPsec Main Mode security association ended
Windows 4656 A handle to an object was requested
Windows 4657 A registry value was modified
Windows 4658 The handle to an object was closed
Windows 4659 A handle to an object was requested with intent to delete
Windows 4660 An object was deleted
Windows 4661 A handle to an object was requested
Windows 4662 An operation was performed on an object
Windows 4663 An attempt was made to access an object
Windows 4664 An attempt was made to create a hard link
Windows 4665 An attempt was made to create an application client context.
Windows 4666 An application attempted an operation
Windows 4667 An application client context was deleted
Windows 4668 An application was initialized
Windows 4670 Permissions on an object were changed
Windows 4671 An application attempted to access a blocked ordinal through the TBS
Windows 4672 Special privileges assigned to new logon
Windows 4673 A privileged service was called
Windows 4674 An operation was attempted on a privileged object
Windows 4675 SIDs were filtered
Windows 4688 A new process has been created
Windows 4689 A process has exited
Windows 4690 An attempt was made to duplicate a handle to an object
Windows 4691 Indirect access to an object was requested
Windows 4692 Backup of data protection master key was attempted
Windows 4693 Recovery of data protection master key was attempted
Windows 4694 Protection of auditable protected data was attempted
Windows 4695 Unprotection of auditable protected data was attempted
Windows 4696 A primary token was assigned to process
Windows 4697 A service was installed in the system
Windows 4698 A scheduled task was created
Windows 4699 A scheduled task was deleted
Windows 4700 A scheduled task was enabled
Windows 4701 A scheduled task was disabled
Windows 4702 A scheduled task was updated
Windows 4703 A token right was adjusted
Windows 4704 A user right was assigned
Windows 4705 A user right was removed
Windows 4706 A new trust was created to a domain
Windows 4707 A trust to a domain was removed
Windows 4709 IPsec Services was started
Windows 4710 IPsec Services was disabled
Windows 4711 PAStore Engine (1%)
Windows 4712 IPsec Services encountered a potentially serious failure
Windows 4713 Kerberos policy was changed
Windows 4714 Encrypted data recovery policy was changed
Windows 4715 The audit policy (SACL) on an object was changed
Windows 4716 Trusted domain information was modified
Windows 4717 System security access was granted to an account
Windows 4718 System security access was removed from an account
Windows 4719 System audit policy was changed
Windows 4720 A user account was created
Windows 4722 A user account was enabled
Windows 4723 An attempt was made to change an account's password
Windows 4724 An attempt was made to reset an accounts password
Windows 4725 A user account was disabled
Windows 4726 A user account was deleted
Windows 4727 A security-enabled global group was created
Windows 4728 A member was added to a security-enabled global group
Windows 4729 A member was removed from a security-enabled global group
Windows 4730 A security-enabled global group was deleted
Windows 4731 A security-enabled local group was created
Windows 4732 A member was added to a security-enabled local group
Windows 4733 A member was removed from a security-enabled local group
Windows 4734 A security-enabled local group was deleted
Windows 4735 A security-enabled local group was changed
Windows 4737 A security-enabled global group was changed
Windows 4738 A user account was changed
Windows 4739 Domain Policy was changed
Windows 4740 A user account was locked out
Windows 4741 A computer account was created
Windows 4742 A computer account was changed
Windows 4743 A computer account was deleted
Windows 4744 A security-disabled local group was created
Windows 4745 A security-disabled local group was changed
Windows 4746 A member was added to a security-disabled local group
Windows 4747 A member was removed from a security-disabled local group
Windows 4748 A security-disabled local group was deleted
Windows 4749 A security-disabled global group was created
Windows 4750 A security-disabled global group was changed
Windows 4751 A member was added to a security-disabled global group
Windows 4752 A member was removed from a security-disabled global group
Windows 4753 A security-disabled global group was deleted
Windows 4754 A security-enabled universal group was created
Windows 4755 A security-enabled universal group was changed
Windows 4756 A member was added to a security-enabled universal group
Windows 4757 A member was removed from a security-enabled universal group
Windows 4758 A security-enabled universal group was deleted
Windows 4759 A security-disabled universal group was created
Windows 4760 A security-disabled universal group was changed
Windows 4761 A member was added to a security-disabled universal group
Windows 4762 A member was removed from a security-disabled universal group
Windows 4763 A security-disabled universal group was deleted
Windows 4764 A groups type was changed
Windows 4765 SID History was added to an account
Windows 4766 An attempt to add SID History to an account failed
Windows 4767 A user account was unlocked
Windows 4768 A Kerberos authentication ticket (TGT) was requested
Windows 4769 A Kerberos service ticket was requested
Windows 4770 A Kerberos service ticket was renewed
Windows 4771 Kerberos pre-authentication failed
Windows 4772 A Kerberos authentication ticket request failed
Windows 4773 A Kerberos service ticket request failed
Windows 4774 An account was mapped for logon
Windows 4775 An account could not be mapped for logon
Windows 4776 The domain controller attempted to validate the credentials for an account
Windows 4777 The domain controller failed to validate the credentials for an account
Windows 4778 A session was reconnected to a Window Station
Windows 4779 A session was disconnected from a Window Station
Windows 4780 The ACL was set on accounts which are members of administrators groups
Windows 4781 The name of an account was changed
Windows 4782 The password hash an account was accessed
Windows 4783 A basic application group was created
Windows 4784 A basic application group was changed
Windows 4785 A member was added to a basic application group
Windows 4786 A member was removed from a basic application group
Windows 4787 A non-member was added to a basic application group
Windows 4788 A non-member was removed from a basic application group..
Windows 4789 A basic application group was deleted
Windows 4790 An LDAP query group was created
Windows 4791 A basic application group was changed
Windows 4792 An LDAP query group was deleted
Windows 4793 The Password Policy Checking API was called
Windows 4794 An attempt was made to set the Directory Services Restore Mode administrator passwor
Windows 4797 An attempt was made to query the existence of a blank password for an account
Windows 4798 A user's local group membership was enumerated.
Windows 4799 A security-enabled local group membership was enumerated
Windows 4800 The workstation was locked
Windows 4801 The workstation was unlocked
Windows 4802 The screen saver was invoked
Windows 4803 The screen saver was dismissed
Windows 4816 RPC detected an integrity violation while decrypting an incoming message
Windows 4817 Auditing settings on object were changed.
Windows 4818 Proposed Central Access Policy does not grant the same access permissions as the curren
Windows 4819 Central Access Policies on the machine have been changed
Windows 4820 A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the
Windows 4821 A Kerberos service ticket was denied because the user, device, or both does not meet the
Windows 4822 NTLM authentication failed because the account was a member of the Protected User gro
Windows 4823 NTLM authentication failed because access control restrictions are required
Windows 4824 Kerberos preauthentication by using DES or RC4 failed because the account was a memb
Windows 4825 A user was denied the access to Remote Desktop. By default, users are allowed to connec
Windows 4826 Boot Configuration Data loaded
Windows 4830 SID History was removed from an account
Windows 4864 A namespace collision was detected
Windows 4865 A trusted forest information entry was added
Windows 4866 A trusted forest information entry was removed
Windows 4867 A trusted forest information entry was modified
Windows 4868 The certificate manager denied a pending certificate request
Windows 4869 Certificate Services received a resubmitted certificate request
Windows 4870 Certificate Services revoked a certificate
Windows 4871 Certificate Services received a request to publish the certificate revocation list (CRL)
Windows 4872 Certificate Services published the certificate revocation list (CRL)
Windows 4873 A certificate request extension changed
Windows 4874 One or more certificate request attributes changed.
Windows 4875 Certificate Services received a request to shut down
Windows 4876 Certificate Services backup started
Windows 4877 Certificate Services backup completed
Windows 4878 Certificate Services restore started
Windows 4879 Certificate Services restore completed
Windows 4880 Certificate Services started
Windows 4881 Certificate Services stopped
Windows 4882 The security permissions for Certificate Services changed
Windows 4883 Certificate Services retrieved an archived key
Windows 4884 Certificate Services imported a certificate into its database
Windows 4885 The audit filter for Certificate Services changed
Windows 4886 Certificate Services received a certificate request
Windows 4887 Certificate Services approved a certificate request and issued a certificate
Windows 4888 Certificate Services denied a certificate request
Windows 4889 Certificate Services set the status of a certificate request to pending
Windows 4890 The certificate manager settings for Certificate Services changed.
Windows 4891 A configuration entry changed in Certificate Services
Windows 4892 A property of Certificate Services changed
Windows 4893 Certificate Services archived a key
Windows 4894 Certificate Services imported and archived a key
Windows 4895 Certificate Services published the CA certificate to Active Directory Domain Services
Windows 4896 One or more rows have been deleted from the certificate database
Windows 4897 Role separation enabled
Windows 4898 Certificate Services loaded a template
Windows 4899 A Certificate Services template was updated
Windows 4900 Certificate Services template security was updated
Windows 4902 The Per-user audit policy table was created
Windows 4904 An attempt was made to register a security event source
Windows 4905 An attempt was made to unregister a security event source
Windows 4906 The CrashOnAuditFail value has changed
Windows 4907 Auditing settings on object were changed
Windows 4908 Special Groups Logon table modified
Windows 4909 The local policy settings for the TBS were changed
Windows 4910 The group policy settings for the TBS were changed
Windows 4911 Resource attributes of the object were changed
Windows 4912 Per User Audit Policy was changed
Windows 4913 Central Access Policy on the object was changed
Windows 4928 An Active Directory replica source naming context was established
Windows 4929 An Active Directory replica source naming context was removed
Windows 4930 An Active Directory replica source naming context was modified
Windows 4931 An Active Directory replica destination naming context was modified
Windows 4932 Synchronization of a replica of an Active Directory naming context has begun
Windows 4933 Synchronization of a replica of an Active Directory naming context has ended
Windows 4934 Attributes of an Active Directory object were replicated
Windows 4935 Replication failure begins
Windows 4936 Replication failure ends
Windows 4937 A lingering object was removed from a replica
Windows 4944 The following policy was active when the Windows Firewall started
Windows 4945 A rule was listed when the Windows Firewall started
Windows 4946 A change has been made to Windows Firewall exception list. A rule was added
Windows 4947 A change has been made to Windows Firewall exception list. A rule was modified
Windows 4948 A change has been made to Windows Firewall exception list. A rule was deleted
Windows 4949 Windows Firewall settings were restored to the default values
Windows 4950 A Windows Firewall setting has changed
Windows 4951 A rule has been ignored because its major version number was not recognized by Window
Windows 4952 Parts of a rule have been ignored because its minor version number was not recognized b
Windows 4953 A rule has been ignored by Windows Firewall because it could not parse the rule
Windows 4954 Windows Firewall Group Policy settings has changed. The new settings have been applied
Windows 4956 Windows Firewall has changed the active profile
Windows 4957 Windows Firewall did not apply the following rule
Windows 4958 Windows Firewall did not apply the following rule because the rule referred to items not
Windows 4960 IPsec dropped an inbound packet that failed an integrity check
Windows 4961 IPsec dropped an inbound packet that failed a replay check
Windows 4962 IPsec dropped an inbound packet that failed a replay check
Windows 4963 IPsec dropped an inbound clear text packet that should have been secured
Windows 4964 Special groups have been assigned to a new logon
Windows 4965 IPsec received a packet from a remote computer with an incorrect Security Parameter In
Windows 4976 During Main Mode negotiation, IPsec received an invalid negotiation packet.
Windows 4977 During Quick Mode negotiation, IPsec received an invalid negotiation packet.
Windows 4978 During Extended Mode negotiation, IPsec received an invalid negotiation packet.
Windows 4979 IPsec Main Mode and Extended Mode security associations were established.
Windows 4980 IPsec Main Mode and Extended Mode security associations were established
Windows 4981 IPsec Main Mode and Extended Mode security associations were established
Windows 4982 IPsec Main Mode and Extended Mode security associations were established
Windows 4983 An IPsec Extended Mode negotiation failed
Windows 4984 An IPsec Extended Mode negotiation failed
Windows 4985 The state of a transaction has changed
Windows 5024 The Windows Firewall Service has started successfully
Windows 5025 The Windows Firewall Service has been stopped
Windows 5027 The Windows Firewall Service was unable to retrieve the security policy from the local sto
Windows 5028 The Windows Firewall Service was unable to parse the new security policy.
Windows 5029 The Windows Firewall Service failed to initialize the driver
Windows 5030 The Windows Firewall Service failed to start
Windows 5031 The Windows Firewall Service blocked an application from accepting incoming connectio
Windows 5032 Windows Firewall was unable to notify the user that it blocked an application from accep
Windows 5033 The Windows Firewall Driver has started successfully
Windows 5034 The Windows Firewall Driver has been stopped
Windows 5035 The Windows Firewall Driver failed to start
Windows 5037 The Windows Firewall Driver detected critical runtime error. Terminating
Windows 5038 Code integrity determined that the image hash of a file is not valid
Windows 5039 A registry key was virtualized.
Windows 5040 A change has been made to IPsec settings. An Authentication Set was added.
Windows 5041 A change has been made to IPsec settings. An Authentication Set was modified
Windows 5042 A change has been made to IPsec settings. An Authentication Set was deleted
Windows 5043 A change has been made to IPsec settings. A Connection Security Rule was added
Windows 5044 A change has been made to IPsec settings. A Connection Security Rule was modified
Windows 5045 A change has been made to IPsec settings. A Connection Security Rule was deleted
Windows 5046 A change has been made to IPsec settings. A Crypto Set was added
Windows 5047 A change has been made to IPsec settings. A Crypto Set was modified
Windows 5048 A change has been made to IPsec settings. A Crypto Set was deleted
Windows 5049 An IPsec Security Association was deleted
Windows 5050 An attempt to programmatically disable the Windows Firewall using a call to INetFwProfi
Windows 5051 A file was virtualized
Windows 5056 A cryptographic self test was performed
Windows 5057 A cryptographic primitive operation failed
Windows 5058 Key file operation
Windows 5059 Key migration operation
Windows 5060 Verification operation failed
Windows 5061 Cryptographic operation
Windows 5062 A kernel-mode cryptographic self test was performed
Windows 5063 A cryptographic provider operation was attempted
Windows 5064 A cryptographic context operation was attempted
Windows 5065 A cryptographic context modification was attempted
Windows 5066 A cryptographic function operation was attempted
Windows 5067 A cryptographic function modification was attempted
Windows 5068 A cryptographic function provider operation was attempted
Windows 5069 A cryptographic function property operation was attempted
Windows 5070 A cryptographic function property operation was attempted
Windows 5071 Key access denied by Microsoft key distribution service
Windows 5120 OCSP Responder Service Started
Windows 5121 OCSP Responder Service Stopped
Windows 5122 A Configuration entry changed in the OCSP Responder Service
Windows 5123 A configuration entry changed in the OCSP Responder Service
Windows 5124 A security setting was updated on OCSP Responder Service
Windows 5125 A request was submitted to OCSP Responder Service
Windows 5126 Signing Certificate was automatically updated by the OCSP Responder Service
Windows 5127 The OCSP Revocation Provider successfully updated the revocation information
Windows 5136 A directory service object was modified
Windows 5137 A directory service object was created
Windows 5138 A directory service object was undeleted
Windows 5139 A directory service object was moved
Windows 5140 A network share object was accessed
Windows 5141 A directory service object was deleted
Windows 5142 A network share object was added.
Windows 5143 A network share object was modified
Windows 5144 A network share object was deleted.
Windows 5145 A network share object was checked to see whether client can be granted desired access
Windows 5146 The Windows Filtering Platform has blocked a packet
Windows 5147 A more restrictive Windows Filtering Platform filter has blocked a packet
Windows 5148 The Windows Filtering Platform has detected a DoS attack and entered a defensive mode
Windows 5149 The DoS attack has subsided and normal processing is being resumed.
Windows 5150 The Windows Filtering Platform has blocked a packet.
Windows 5151 A more restrictive Windows Filtering Platform filter has blocked a packet.
Windows 5152 The Windows Filtering Platform blocked a packet
Windows 5153 A more restrictive Windows Filtering Platform filter has blocked a packet
Windows 5154 The Windows Filtering Platform has permitted an application or service to listen on a por
Windows 5155 The Windows Filtering Platform has blocked an application or service from listening on a
Windows 5156 The Windows Filtering Platform has allowed a connection
Windows 5157 The Windows Filtering Platform has blocked a connection
Windows 5158 The Windows Filtering Platform has permitted a bind to a local port
Windows 5159 The Windows Filtering Platform has blocked a bind to a local port
Windows 5168 Spn check for SMB/SMB2 fails.
Windows 5169 A directory service object was modified
Windows 5170 A directory service object was modified during a background cleanup task
Windows 5376 Credential Manager credentials were backed up
Windows 5377 Credential Manager credentials were restored from a backup
Windows 5378 The requested credentials delegation was disallowed by policy
Windows 5379 Credential Manager credentials were read
Windows 5380 Vault Find Credential
Windows 5381 Vault credentials were read
Windows 5382 Vault credentials were read
Windows 5440 The following callout was present when the Windows Filtering Platform Base Filtering Eng
Windows 5441 The following filter was present when the Windows Filtering Platform Base Filtering Engin
Windows 5442 The following provider was present when the Windows Filtering Platform Base Filtering E
Windows 5443 The following provider context was present when the Windows Filtering Platform Base Fi
Windows 5444 The following sub-layer was present when the Windows Filtering Platform Base Filtering E
Windows 5446 A Windows Filtering Platform callout has been changed
Windows 5447 A Windows Filtering Platform filter has been changed
Windows 5448 A Windows Filtering Platform provider has been changed
Windows 5449 A Windows Filtering Platform provider context has been changed
Windows 5450 A Windows Filtering Platform sub-layer has been changed
Windows 5451 An IPsec Quick Mode security association was established
Windows 5452 An IPsec Quick Mode security association ended
Windows 5453 An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Key
Windows 5456 PAStore Engine applied Active Directory storage IPsec policy on the computer
Windows 5457 PAStore Engine failed to apply Active Directory storage IPsec policy on the computer
Windows 5458 PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the
Windows 5459 PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy
Windows 5460 PAStore Engine applied local registry storage IPsec policy on the computer
Windows 5461 PAStore Engine failed to apply local registry storage IPsec policy on the computer
Windows 5462 PAStore Engine failed to apply some rules of the active IPsec policy on the computer
Windows 5463 PAStore Engine polled for changes to the active IPsec policy and detected no changes
Windows 5464 PAStore Engine polled for changes to the active IPsec policy, detected changes, and appli
Windows 5465 PAStore Engine received a control for forced reloading of IPsec policy and processed the
Windows 5466 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that A
Windows 5467 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that A
Windows 5468 PAStore Engine polled for changes to the Active Directory IPsec policy, determined that A
Windows 5471 PAStore Engine loaded local storage IPsec policy on the computer
Windows 5472 PAStore Engine failed to load local storage IPsec policy on the computer
Windows 5473 PAStore Engine loaded directory storage IPsec policy on the computer
Windows 5474 PAStore Engine failed to load directory storage IPsec policy on the computer
Windows 5477 PAStore Engine failed to add quick mode filter
Windows 5478 IPsec Services has started successfully
Windows 5479 IPsec Services has been shut down successfully
Windows 5480 IPsec Services failed to get the complete list of network interfaces on the computer
Windows 5483 IPsec Services failed to initialize RPC server. IPsec Services could not be started
Windows 5484 IPsec Services has experienced a critical failure and has been shut down
Windows 5485 IPsec Services failed to process some IPsec filters on a plug-and-play event for network in
Windows 5632 A request was made to authenticate to a wireless network
Windows 5633 A request was made to authenticate to a wired network
Windows 5712 A Remote Procedure Call (RPC) was attempted
Windows 5888 An object in the COM+ Catalog was modified
Windows 5889 An object was deleted from the COM+ Catalog
Windows 5890 An object was added to the COM+ Catalog
Windows 6144 Security policy in the group policy objects has been applied successfully
Windows 6145 One or more errors occured while processing security policy in the group policy objects
Windows 6272 Network Policy Server granted access to a user
Windows 6273 Network Policy Server denied access to a user
Windows 6274 Network Policy Server discarded the request for a user
Windows 6275 Network Policy Server discarded the accounting request for a user
Windows 6276 Network Policy Server quarantined a user
Windows 6277 Network Policy Server granted access to a user but put it on probation because the host d
Windows 6278 Network Policy Server granted full access to a user because the host met the defined hea
Windows 6279 Network Policy Server locked the user account due to repeated failed authentication atte
Windows 6280 Network Policy Server unlocked the user account
Windows 6281 Code Integrity determined that the page hashes of an image file are not valid...
Windows 6400 BranchCache: Received an incorrectly formatted response while discovering availability o
Windows 6401 BranchCache: Received invalid data from a peer. Data discarded.
Windows 6402 BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
Windows 6403 BranchCache: The hosted cache sent an incorrectly formatted response to the client's me
Windows 6404 BranchCache: Hosted cache could not be authenticated using the provisioned SSL certific
Windows 6405 BranchCache: %2 instance(s) of event id %1 occurred.
Windows 6406 %1 registered to Windows Firewall to control filtering for the following:
Windows 6407 1%
Windows 6408 Registered product %1 failed and Windows Firewall is now controlling the filtering for %2
Windows 6409 BranchCache: A service connection point object could not be parsed
Windows 6410 Code integrity determined that a file does not meet the security requirements to load int
Windows 6416 A new external device was recognized by the system.
Windows 6417 The FIPS mode crypto selftests succeeded
Windows 6418 The FIPS mode crypto selftests failed
Windows 6419 A request was made to disable a device
Windows 6420 A device was disabled
Windows 6421 A request was made to enable a device
Windows 6422 A device was enabled
Windows 6423 The installation of this device is forbidden by system policy
Windows 6424 The installation of this device was allowed, after having previously been forbidden by pol
Windows 8191 Highest System-Defined Audit Message Value
 TODOS OS CÓDIGOS

ndocumented Exchange mailbox operation

peration Copy - Copy item to another Exchange mailbox folder
peration Create - Create item in Exchange mailbox
peration FolderBind - Access Exchange mailbox folder
peration HardDelete - Delete Exchange mailbox item permanently from Recoverable Items folder
peration MessageBind - Access Exchange mailbox item
peration Move - Move item to another Exchange mailbox folder
peration MoveToDeletedItems - Move Exchange mailbox item to Deleted Items folder
peration SendAs - Send message using Send As Exchange mailbox permissions
peration SendOnBehalf - Send message using Send on Behalf Exchange mailbox permissions
peration SoftDelete - Delete Exchange mailbox item from Deleted Items folder
peration Update - Update Exchange mailbox item's properties
formation Event - Mailbox audit policy applied
ndocumented Exchange admin operation
dd-ADPermission Exchange cmdlet issued
dd-AvailabilityAddressSpace Exchange cmdlet issued
dd-ContentFilterPhrase Exchange cmdlet issued
dd-DatabaseAvailabilityGroupServer Exchange cmdlet issued
dd-DistributionGroupMember Exchange cmdlet issued
dd-FederatedDomain Exchange cmdlet issued
dd-IPAllowListEntry Exchange cmdlet issued
dd-IPAllowListProvider Exchange cmdlet issued
dd-IPBlockListEntry Exchange cmdlet issued
dd-IPBlockListProvider Exchange cmdlet issued
dd-MailboxDatabaseCopy Exchange cmdlet issued
dd-MailboxFolderPermission Exchange cmdlet issued
dd-MailboxPermission Exchange cmdlet issued
dd-ManagementRoleEntry Exchange cmdlet issued
dd-PublicFolderAdministrativePermission Exchange cmdlet issued
dd-PublicFolderClientPermission Exchange cmdlet issued
dd-RoleGroupMember Exchange cmdlet issued
ean-MailboxDatabase Exchange cmdlet issued
ear-ActiveSyncDevice Exchange cmdlet issued
ear-TextMessagingAccount Exchange cmdlet issued
ompare-TextMessagingVerificationCode Exchange cmdlet issued
onnect-Mailbox Exchange cmdlet issued
sable-AddressListPaging Exchange cmdlet issued
sable-CmdletExtensionAgent Exchange cmdlet issued
sable-DistributionGroup Exchange cmdlet issued
sable-InboxRule Exchange cmdlet issued
sable-JournalRule Exchange cmdlet issued
sable-Mailbox Exchange cmdlet issued
sable-MailContact Exchange cmdlet issued
sable-MailPublicFolder Exchange cmdlet issued
sable-MailUser Exchange cmdlet issued
 sable-OutlookAnywhere Exchange cmdlet issued
sable-OutlookProtectionRule Exchange cmdlet issued
sable-RemoteMailbox Exchange cmdlet issued
sable-ServiceEmailChannel Exchange cmdlet issued
sable-TransportAgent Exchange cmdlet issued
sable-TransportRule Exchange cmdlet issued
sable-UMAutoAttendant Exchange cmdlet issued
sable-UMIPGateway Exchange cmdlet issued
sable-UMMailbox Exchange cmdlet issued
sable-UMServer Exchange cmdlet issued
smount-Database Exchange cmdlet issued
nable-AddressListPaging Exchange cmdlet issued
nable-AntispamUpdates Exchange cmdlet issued
nable-CmdletExtensionAgent Exchange cmdlet issued
nable-DistributionGroup Exchange cmdlet issued
nable-ExchangeCertificate Exchange cmdlet issued
nable-InboxRule Exchange cmdlet issued
nable-JournalRule Exchange cmdlet issued
nable-Mailbox Exchange cmdlet issued
nable-MailContact Exchange cmdlet issued
nable-MailPublicFolder Exchange cmdlet issued
nable-MailUser Exchange cmdlet issued
nable-OutlookAnywhere Exchange cmdlet issued
nable-OutlookProtectionRule Exchange cmdlet issued
nable-RemoteMailbox Exchange cmdlet issued
nable-ServiceEmailChannel Exchange cmdlet issued
nable-TransportAgent Exchange cmdlet issued
nable-TransportRule Exchange cmdlet issued
nable-UMAutoAttendant Exchange cmdlet issued
nable-UMIPGateway Exchange cmdlet issued
nable-UMMailbox Exchange cmdlet issued
nable-UMServer Exchange cmdlet issued
port-ActiveSyncLog Exchange cmdlet issued
port-AutoDiscoverConfig Exchange cmdlet issued
port-ExchangeCertificate Exchange cmdlet issued
port-JournalRuleCollection Exchange cmdlet issued
port-MailboxDiagnosticLogs Exchange cmdlet issued
port-Message Exchange cmdlet issued
port-RecipientDataProperty Exchange cmdlet issued
port-TransportRuleCollection Exchange cmdlet issued
port-UMCallDataRecord Exchange cmdlet issued
port-UMPrompt Exchange cmdlet issued
mport-ExchangeCertificate Exchange cmdlet issued
mport-JournalRuleCollection Exchange cmdlet issued
mport-RecipientDataProperty Exchange cmdlet issued
mport-TransportRuleCollection Exchange cmdlet issued
mport-UMPrompt Exchange cmdlet issued
stall-TransportAgent Exchange cmdlet issued
ount-Database Exchange cmdlet issued
ove-ActiveMailboxDatabase Exchange cmdlet issued
ove-AddressList Exchange cmdlet issued
ove-DatabasePath Exchange cmdlet issued
ove-OfflineAddressBook Exchange cmdlet issued
ew-AcceptedDomain Exchange cmdlet issued
ew-ActiveSyncDeviceAccessRule Exchange cmdlet issued
ew-ActiveSyncMailboxPolicy Exchange cmdlet issued
ew-ActiveSyncVirtualDirectory Exchange cmdlet issued
ew-AddressList Exchange cmdlet issued
ew-AdminAuditLogSearch Exchange cmdlet issued
ew-AutodiscoverVirtualDirectory Exchange cmdlet issued
ew-AvailabilityReportOutage Exchange cmdlet issued
ew-ClientAccessArray Exchange cmdlet issued
ew-DatabaseAvailabilityGroup Exchange cmdlet issued
ew-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
ew-DeliveryAgentConnector Exchange cmdlet issued
ew-DistributionGroup Exchange cmdlet issued
ew-DynamicDistributionGroup Exchange cmdlet issued
ew-EcpVirtualDirectory Exchange cmdlet issued
ew-EdgeSubscription Exchange cmdlet issued
ew-EdgeSyncServiceConfig Exchange cmdlet issued
ew-EmailAddressPolicy Exchange cmdlet issued
ew-ExchangeCertificate Exchange cmdlet issued
ew-FederationTrust Exchange cmdlet issued
ew-ForeignConnector Exchange cmdlet issued
ew-GlobalAddressList Exchange cmdlet issued
ew-InboxRule Exchange cmdlet issued
ew-JournalRule Exchange cmdlet issued
ew-Mailbox Exchange cmdlet issued
ew-MailboxAuditLogSearch Exchange cmdlet issued
ew-MailboxDatabase Exchange cmdlet issued
ew-MailboxFolder Exchange cmdlet issued
ew-MailboxRepairRequest Exchange cmdlet issued
ew-MailboxRestoreRequest Exchange cmdlet issued
ew-MailContact Exchange cmdlet issued
ew-MailMessage Exchange cmdlet issued
ew-MailUser Exchange cmdlet issued
ew-ManagedContentSettings Exchange cmdlet issued
ew-ManagedFolder Exchange cmdlet issued
ew-ManagedFolderMailboxPolicy Exchange cmdlet issued
ew-ManagementRole Exchange cmdlet issued
ew-ManagementRoleAssignment Exchange cmdlet issued
ew-ManagementScope Exchange cmdlet issued
ew-MessageClassification Exchange cmdlet issued
ew-MoveRequest Exchange cmdlet issued
ew-OabVirtualDirectory Exchange cmdlet issued
ew-OfflineAddressBook Exchange cmdlet issued
ew-OrganizationRelationship Exchange cmdlet issued
ew-OutlookProtectionRule Exchange cmdlet issued
ew-OutlookProvider Exchange cmdlet issued
ew-OwaMailboxPolicy Exchange cmdlet issued
ew-OwaVirtualDirectory Exchange cmdlet issued
ew-PublicFolder Exchange cmdlet issued
ew-PublicFolderDatabase Exchange cmdlet issued
ew-PublicFolderDatabaseRepairRequest Exchange cmdlet issued
ew-ReceiveConnector Exchange cmdlet issued
ew-RemoteDomain Exchange cmdlet issued
ew-RemoteMailbox Exchange cmdlet issued
ew-RetentionPolicy Exchange cmdlet issued
ew-RetentionPolicyTag Exchange cmdlet issued
ew-RoleAssignmentPolicy Exchange cmdlet issued
ew-RoleGroup Exchange cmdlet issued
ew-RoutingGroupConnector Exchange cmdlet issued
ew-RpcClientAccess Exchange cmdlet issued
ew-SendConnector Exchange cmdlet issued
ew-SharingPolicy Exchange cmdlet issued
ew-SystemMessage Exchange cmdlet issued
ew-ThrottlingPolicy Exchange cmdlet issued
ew-TransportRule Exchange cmdlet issued
ew-UMAutoAttendant Exchange cmdlet issued
ew-UMDialPlan Exchange cmdlet issued
ew-UMHuntGroup Exchange cmdlet issued
ew-UMIPGateway Exchange cmdlet issued
ew-UMMailboxPolicy Exchange cmdlet issued
ew-WebServicesVirtualDirectory Exchange cmdlet issued
ew-X400AuthoritativeDomain Exchange cmdlet issued
emove-AcceptedDomain Exchange cmdlet issued
emove-ActiveSyncDevice Exchange cmdlet issued
emove-ActiveSyncDeviceAccessRule Exchange cmdlet issued
emove-ActiveSyncDeviceClass Exchange cmdlet issued
emove-ActiveSyncMailboxPolicy Exchange cmdlet issued
emove-ActiveSyncVirtualDirectory Exchange cmdlet issued
emove-AddressList Exchange cmdlet issued
emove-ADPermission Exchange cmdlet issued
emove-AutodiscoverVirtualDirectory Exchange cmdlet issued
emove-AvailabilityAddressSpace Exchange cmdlet issued
emove-AvailabilityReportOutage Exchange cmdlet issued
emove-ClientAccessArray Exchange cmdlet issued
emove-ContentFilterPhrase Exchange cmdlet issued
emove-DatabaseAvailabilityGroup Exchange cmdlet issued
emove-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
emove-DatabaseAvailabilityGroupServer Exchange cmdlet issued
emove-DeliveryAgentConnector Exchange cmdlet issued
emove-DistributionGroup Exchange cmdlet issued
emove-DistributionGroupMember Exchange cmdlet issued
emove-DynamicDistributionGroup Exchange cmdlet issued
emove-EcpVirtualDirectory Exchange cmdlet issued
emove-EdgeSubscription Exchange cmdlet issued
emove-EmailAddressPolicy Exchange cmdlet issued
emove-ExchangeCertificate Exchange cmdlet issued
emove-FederatedDomain Exchange cmdlet issued
emove-FederationTrust Exchange cmdlet issued
emove-ForeignConnector Exchange cmdlet issued
emove-GlobalAddressList Exchange cmdlet issued
emove-InboxRule Exchange cmdlet issued
emove-IPAllowListEntry Exchange cmdlet issued
emove-IPAllowListProvider Exchange cmdlet issued
emove-IPBlockListEntry Exchange cmdlet issued
emove-IPBlockListProvider Exchange cmdlet issued
emove-JournalRule Exchange cmdlet issued
emove-Mailbox Exchange cmdlet issued
emove-MailboxDatabase Exchange cmdlet issued
emove-MailboxDatabaseCopy Exchange cmdlet issued
emove-MailboxFolderPermission Exchange cmdlet issued
emove-MailboxPermission Exchange cmdlet issued
emove-MailboxRestoreRequest Exchange cmdlet issued
emove-MailContact Exchange cmdlet issued
emove-MailUser Exchange cmdlet issued
emove-ManagedContentSettings Exchange cmdlet issued
emove-ManagedFolder Exchange cmdlet issued
emove-ManagedFolderMailboxPolicy Exchange cmdlet issued
emove-ManagementRole Exchange cmdlet issued
emove-ManagementRoleAssignment Exchange cmdlet issued
emove-ManagementRoleEntry Exchange cmdlet issued
emove-ManagementScope Exchange cmdlet issued
emove-Message Exchange cmdlet issued
emove-MessageClassification Exchange cmdlet issued
emove-MoveRequest Exchange cmdlet issued
emove-OabVirtualDirectory Exchange cmdlet issued
emove-OfflineAddressBook Exchange cmdlet issued
emove-OrganizationRelationship Exchange cmdlet issued
emove-OutlookProtectionRule Exchange cmdlet issued
emove-OutlookProvider Exchange cmdlet issued
emove-OwaMailboxPolicy Exchange cmdlet issued
emove-OwaVirtualDirectory Exchange cmdlet issued
emove-PublicFolder Exchange cmdlet issued
emove-PublicFolderAdministrativePermission Exchange cmdlet issued
emove-PublicFolderClientPermission Exchange cmdlet issued
emove-PublicFolderDatabase Exchange cmdlet issued
emove-ReceiveConnector Exchange cmdlet issued
emove-RemoteDomain Exchange cmdlet issued
emove-RemoteMailbox Exchange cmdlet issued
emove-RetentionPolicy Exchange cmdlet issued
emove-RetentionPolicyTag Exchange cmdlet issued
emove-RoleAssignmentPolicy Exchange cmdlet issued
emove-RoleGroup Exchange cmdlet issued
emove-RoleGroupMember Exchange cmdlet issued
emove-RoutingGroupConnector Exchange cmdlet issued
emove-RpcClientAccess Exchange cmdlet issued
emove-SendConnector Exchange cmdlet issued
emove-SharingPolicy Exchange cmdlet issued
emove-StoreMailbox Exchange cmdlet issued
emove-SystemMessage Exchange cmdlet issued
emove-ThrottlingPolicy Exchange cmdlet issued
emove-TransportRule Exchange cmdlet issued
emove-UMAutoAttendant Exchange cmdlet issued
emove-UMDialPlan Exchange cmdlet issued
emove-UMHuntGroup Exchange cmdlet issued
emove-UMIPGateway Exchange cmdlet issued
emove-UMMailboxPolicy Exchange cmdlet issued
emove-WebServicesVirtualDirectory Exchange cmdlet issued
emove-X400AuthoritativeDomain Exchange cmdlet issued
estore-DatabaseAvailabilityGroup Exchange cmdlet issued
estore-DetailsTemplate Exchange cmdlet issued
estore-Mailbox Exchange cmdlet issued
esume-MailboxDatabaseCopy Exchange cmdlet issued
esume-MailboxExportRequest Exchange cmdlet issued
esume-MailboxRestoreRequest Exchange cmdlet issued
esume-Message Exchange cmdlet issued
esume-MoveRequest Exchange cmdlet issued
esume-PublicFolderReplication Exchange cmdlet issued
esume-Queue Exchange cmdlet issued
etry-Queue Exchange cmdlet issued
end-TextMessagingVerificationCode Exchange cmdlet issued
et-AcceptedDomain Exchange cmdlet issued
et-ActiveSyncDeviceAccessRule Exchange cmdlet issued
et-ActiveSyncMailboxPolicy Exchange cmdlet issued
et-ActiveSyncOrganizationSettings Exchange cmdlet issued
et-ActiveSyncVirtualDirectory Exchange cmdlet issued
et-AddressList Exchange cmdlet issued
et-AdminAuditLogConfig Exchange cmdlet issued
et-ADServerSettings Exchange cmdlet issued
et-ADSite Exchange cmdlet issued
et-AdSiteLink Exchange cmdlet issued
et-AutodiscoverVirtualDirectory Exchange cmdlet issued
et-AvailabilityConfig Exchange cmdlet issued
et-AvailabilityReportOutage Exchange cmdlet issued
et-CalendarNotification Exchange cmdlet issued
et-CalendarProcessing Exchange cmdlet issued
et-CASMailbox Exchange cmdlet issued
et-ClientAccessArray Exchange cmdlet issued
et-ClientAccessServer Exchange cmdlet issued
et-CmdletExtensionAgent Exchange cmdlet issued
et-Contact Exchange cmdlet issued
et-ContentFilterConfig Exchange cmdlet issued
et-DatabaseAvailabilityGroup Exchange cmdlet issued
et-DatabaseAvailabilityGroupNetwork Exchange cmdlet issued
et-DeliveryAgentConnector Exchange cmdlet issued
et-DetailsTemplate Exchange cmdlet issued
et-DistributionGroup Exchange cmdlet issued
et-DynamicDistributionGroup Exchange cmdlet issued
et-EcpVirtualDirectory Exchange cmdlet issued
et-EdgeSyncServiceConfig Exchange cmdlet issued
et-EmailAddressPolicy Exchange cmdlet issued
et-EventLogLevel Exchange cmdlet issued
et-ExchangeAssistanceConfig Exchange cmdlet issued
et-ExchangeServer Exchange cmdlet issued
et-FederatedOrganizationIdentifier Exchange cmdlet issued
et-FederationTrust Exchange cmdlet issued
et-ForeignConnector Exchange cmdlet issued
et-GlobalAddressList Exchange cmdlet issued
et-Group Exchange cmdlet issued
et-ImapSettings Exchange cmdlet issued
et-InboxRule Exchange cmdlet issued
et-IPAllowListConfig Exchange cmdlet issued
et-IPAllowListProvider Exchange cmdlet issued
et-IPAllowListProvidersConfig Exchange cmdlet issued
et-IPBlockListConfig Exchange cmdlet issued
et-IPBlockListProvider Exchange cmdlet issued
et-IPBlockListProvidersConfig Exchange cmdlet issued
et-IRMConfiguration Exchange cmdlet issued
et-JournalRule Exchange cmdlet issued
et-Mailbox Exchange cmdlet issued
et-MailboxAuditBypassAssociation Exchange cmdlet issued
et-MailboxAutoReplyConfiguration Exchange cmdlet issued
et-MailboxCalendarConfiguration Exchange cmdlet issued
et-MailboxCalendarFolder Exchange cmdlet issued
et-MailboxDatabase Exchange cmdlet issued
et-MailboxDatabaseCopy Exchange cmdlet issued
et-MailboxFolderPermission Exchange cmdlet issued
et-MailboxJunkEmailConfiguration Exchange cmdlet issued
et-MailboxMessageConfiguration Exchange cmdlet issued
et-MailboxRegionalConfiguration Exchange cmdlet issued
et-MailboxRestoreRequest Exchange cmdlet issued
et-MailboxServer Exchange cmdlet issued
et-MailboxSpellingConfiguration Exchange cmdlet issued
et-MailContact Exchange cmdlet issued
et-MailPublicFolder Exchange cmdlet issued
et-MailUser Exchange cmdlet issued
et-ManagedContentSettings Exchange cmdlet issued
et-ManagedFolder Exchange cmdlet issued
et-ManagedFolderMailboxPolicy Exchange cmdlet issued
et-ManagementRoleAssignment Exchange cmdlet issued
et-ManagementRoleEntry Exchange cmdlet issued
et-ManagementScope Exchange cmdlet issued
et-MessageClassification Exchange cmdlet issued
et-MoveRequest Exchange cmdlet issued
et-OabVirtualDirectory Exchange cmdlet issued
et-OfflineAddressBook Exchange cmdlet issued
et-OrganizationConfig Exchange cmdlet issued
et-OrganizationRelationship Exchange cmdlet issued
et-OutlookAnywhere Exchange cmdlet issued
et-OutlookProtectionRule Exchange cmdlet issued
et-OutlookProvider Exchange cmdlet issued
et-OwaMailboxPolicy Exchange cmdlet issued
et-OwaVirtualDirectory Exchange cmdlet issued
et-PopSettings Exchange cmdlet issued
et-PowerShellVirtualDirectory Exchange cmdlet issued
et-PublicFolder Exchange cmdlet issued
et-PublicFolderDatabase Exchange cmdlet issued
et-ReceiveConnector Exchange cmdlet issued
et-RecipientFilterConfig Exchange cmdlet issued
et-RemoteDomain Exchange cmdlet issued
et-RemoteMailbox Exchange cmdlet issued
et-ResourceConfig Exchange cmdlet issued
et-RetentionPolicy Exchange cmdlet issued
et-RetentionPolicyTag Exchange cmdlet issued
et-RoleAssignmentPolicy Exchange cmdlet issued
et-RoleGroup Exchange cmdlet issued
et-RoutingGroupConnector Exchange cmdlet issued
et-RpcClientAccess Exchange cmdlet issued
et-SendConnector Exchange cmdlet issued
et-SenderFilterConfig Exchange cmdlet issued
et-SenderIdConfig Exchange cmdlet issued
et-SenderReputationConfig Exchange cmdlet issued
et-SharingPolicy Exchange cmdlet issued
et-SystemMessage Exchange cmdlet issued
et-TextMessagingAccount Exchange cmdlet issued
et-ThrottlingPolicy Exchange cmdlet issued
et-ThrottlingPolicyAssociation Exchange cmdlet issued
et-TransportAgent Exchange cmdlet issued
et-TransportConfig Exchange cmdlet issued
et-TransportRule Exchange cmdlet issued
et-TransportServer Exchange cmdlet issued
et-UMAutoAttendant Exchange cmdlet issued
et-UMDialPlan Exchange cmdlet issued
et-UMIPGateway Exchange cmdlet issued
et-UMMailbox Exchange cmdlet issued
et-UMMailboxPIN Exchange cmdlet issued
et-UMMailboxPolicy Exchange cmdlet issued
et-UmServer Exchange cmdlet issued
et-User Exchange cmdlet issued
et-WebServicesVirtualDirectory Exchange cmdlet issued
et-X400AuthoritativeDomain Exchange cmdlet issued
art-DatabaseAvailabilityGroup Exchange cmdlet issued
art-EdgeSynchronization Exchange cmdlet issued
art-ManagedFolderAssistant Exchange cmdlet issued
art-RetentionAutoTagLearning Exchange cmdlet issued
op-DatabaseAvailabilityGroup Exchange cmdlet issued
op-ManagedFolderAssistant Exchange cmdlet issued
uspend-MailboxDatabaseCopy Exchange cmdlet issued
uspend-MailboxRestoreRequest Exchange cmdlet issued
uspend-Message Exchange cmdlet issued
uspend-MoveRequest Exchange cmdlet issued
uspend-PublicFolderReplication Exchange cmdlet issued
uspend-Queue Exchange cmdlet issued
est-ActiveSyncConnectivity Exchange cmdlet issued
est-AssistantHealth Exchange cmdlet issued
est-CalendarConnectivity Exchange cmdlet issued
est-EcpConnectivity Exchange cmdlet issued
est-EdgeSynchronization Exchange cmdlet issued
est-ExchangeSearch Exchange cmdlet issued
est-FederationTrust Exchange cmdlet issued
est-FederationTrustCertificate Exchange cmdlet issued
est-ImapConnectivity Exchange cmdlet issued
est-IPAllowListProvider Exchange cmdlet issued
est-IPBlockListProvider Exchange cmdlet issued
est-IRMConfiguration Exchange cmdlet issued
est-Mailflow Exchange cmdlet issued
est-MAPIConnectivity Exchange cmdlet issued
est-MRSHealth Exchange cmdlet issued
est-OrganizationRelationship Exchange cmdlet issued
est-OutlookConnectivity Exchange cmdlet issued
est-OutlookWebServices Exchange cmdlet issued
est-OwaConnectivity Exchange cmdlet issued
est-PopConnectivity Exchange cmdlet issued
est-PowerShellConnectivity Exchange cmdlet issued
est-ReplicationHealth Exchange cmdlet issued
est-SenderId Exchange cmdlet issued
est-ServiceHealth Exchange cmdlet issued
est-SmtpConnectivity Exchange cmdlet issued
est-SystemHealth Exchange cmdlet issued
est-UMConnectivity Exchange cmdlet issued
est-WebServicesConnectivity Exchange cmdlet issued
ninstall-TransportAgent Exchange cmdlet issued
pdate-AddressList Exchange cmdlet issued
pdate-DistributionGroupMember Exchange cmdlet issued
pdate-EmailAddressPolicy Exchange cmdlet issued
pdate-FileDistributionService Exchange cmdlet issued
pdate-GlobalAddressList Exchange cmdlet issued
pdate-MailboxDatabaseCopy Exchange cmdlet issued
pdate-OfflineAddressBook Exchange cmdlet issued
pdate-PublicFolder Exchange cmdlet issued
pdate-PublicFolderHierarchy Exchange cmdlet issued
pdate-Recipient Exchange cmdlet issued
pdate-RoleGroupMember Exchange cmdlet issued
pdate-SafeList Exchange cmdlet issued
rite-AdminAuditLog Exchange cmdlet issued
dd-GlobalMonitoringOverride Exchange cmdlet issued
dd-ResubmitRequest Exchange cmdlet issued
dd-ServerMonitoringOverride Exchange cmdlet issued
ear-MobileDevice Exchange cmdlet issued
omplete-MigrationBatch Exchange cmdlet issued
sable-App Exchange cmdlet issued
sable-MailboxQuarantine Exchange cmdlet issued
sable-UMCallAnsweringRule Exchange cmdlet issued
sable-UMService Exchange cmdlet issued
ump-ProvisioningCache Exchange cmdlet issued
nable-App Exchange cmdlet issued
nable-MailboxQuarantine Exchange cmdlet issued
nable-UMCallAnsweringRule Exchange cmdlet issued
nable-UMService Exchange cmdlet issued
port-DlpPolicyCollection Exchange cmdlet issued
port-MigrationReport Exchange cmdlet issued
mport-DlpPolicyCollection Exchange cmdlet issued
mport-DlpPolicyTemplate Exchange cmdlet issued
voke-MonitoringProbe Exchange cmdlet issued
ew-AddressBookPolicy Exchange cmdlet issued
ew-App Exchange cmdlet issued
ew-AuthServer Exchange cmdlet issued
ew-ClassificationRuleCollection Exchange cmdlet issued
ew-DlpPolicy Exchange cmdlet issued
ew-HybridConfiguration Exchange cmdlet issued
ew-MailboxExportRequest Exchange cmdlet issued
ew-MailboxImportRequest Exchange cmdlet issued
ew-MailboxSearch Exchange cmdlet issued
ew-MalwareFilterPolicy Exchange cmdlet issued
ew-MigrationBatch Exchange cmdlet issued
ew-MigrationEndpoint Exchange cmdlet issued
ew-MobileDeviceMailboxPolicy Exchange cmdlet issued
ew-OnPremisesOrganization Exchange cmdlet issued
ew-PartnerApplication Exchange cmdlet issued
ew-PolicyTipConfig Exchange cmdlet issued
ew-PowerShellVirtualDirectory Exchange cmdlet issued
ew-PublicFolderMigrationRequest Exchange cmdlet issued
ew-ResourcePolicy Exchange cmdlet issued
ew-SiteMailboxProvisioningPolicy Exchange cmdlet issued
ew-SyncMailPublicFolder Exchange cmdlet issued
ew-UMCallAnsweringRule Exchange cmdlet issued
ew-WorkloadManagementPolicy Exchange cmdlet issued
ew-WorkloadPolicy Exchange cmdlet issued
edirect-Message Exchange cmdlet issued
emove-AddressBookPolicy Exchange cmdlet issued
emove-App Exchange cmdlet issued
emove-AuthServer Exchange cmdlet issued
emove-ClassificationRuleCollection Exchange cmdlet issued
emove-DlpPolicy Exchange cmdlet issued
emove-DlpPolicyTemplate Exchange cmdlet issued
emove-GlobalMonitoringOverride Exchange cmdlet issued
emove-HybridConfiguration Exchange cmdlet issued
emove-LinkedUser Exchange cmdlet issued
emove-MailboxExportRequest Exchange cmdlet issued
emove-MailboxImportRequest Exchange cmdlet issued
emove-MailboxSearch Exchange cmdlet issued
emove-MalwareFilterPolicy Exchange cmdlet issued
emove-MalwareFilterRecoveryItem Exchange cmdlet issued
emove-MigrationBatch Exchange cmdlet issued
emove-MigrationEndpoint Exchange cmdlet issued
emove-MigrationUser Exchange cmdlet issued
emove-MobileDevice Exchange cmdlet issued
emove-MobileDeviceMailboxPolicy Exchange cmdlet issued
emove-OnPremisesOrganization Exchange cmdlet issued
emove-PartnerApplication Exchange cmdlet issued
emove-PolicyTipConfig Exchange cmdlet issued
emove-PowerShellVirtualDirectory Exchange cmdlet issued
emove-PublicFolderMigrationRequest Exchange cmdlet issued
emove-ResourcePolicy Exchange cmdlet issued
emove-ResubmitRequest Exchange cmdlet issued
emove-SiteMailboxProvisioningPolicy Exchange cmdlet issued
emove-UMCallAnsweringRule Exchange cmdlet issued
emove-UserPhoto Exchange cmdlet issued
emove-WorkloadManagementPolicy Exchange cmdlet issued
emove-WorkloadPolicy Exchange cmdlet issued
eset-ProvisioningCache Exchange cmdlet issued
esume-MailboxImportRequest Exchange cmdlet issued
esume-MalwareFilterRecoveryItem Exchange cmdlet issued
esume-PublicFolderMigrationRequest Exchange cmdlet issued
et-ActiveSyncDeviceAccessRule Exchange cmdlet issued
et-AddressBookPolicy Exchange cmdlet issued
et-App Exchange cmdlet issued
et-AuthConfig Exchange cmdlet issued
et-AuthServer Exchange cmdlet issued
et-ClassificationRuleCollection Exchange cmdlet issued
et-DlpPolicy Exchange cmdlet issued
et-FrontendTransportService Exchange cmdlet issued
et-HybridConfiguration Exchange cmdlet issued
et-HybridMailflow Exchange cmdlet issued
et-MailboxExportRequest Exchange cmdlet issued
et-MailboxImportRequest Exchange cmdlet issued
et-MailboxSearch Exchange cmdlet issued
et-MailboxTransportService Exchange cmdlet issued
et-MalwareFilteringServer Exchange cmdlet issued
et-MalwareFilterPolicy Exchange cmdlet issued
et-MigrationBatch Exchange cmdlet issued
et-MigrationConfig Exchange cmdlet issued
et-MigrationEndpoint Exchange cmdlet issued
et-MobileDeviceMailboxPolicy Exchange cmdlet issued
et-Notification Exchange cmdlet issued
et-OnPremisesOrganization Exchange cmdlet issued
et-PartnerApplication Exchange cmdlet issued
et-PendingFederatedDomain Exchange cmdlet issued
et-PolicyTipConfig Exchange cmdlet issued
et-PublicFolderMigrationRequest Exchange cmdlet issued
et-ResourcePolicy Exchange cmdlet issued
et-ResubmitRequest Exchange cmdlet issued
et-RMSTemplate Exchange cmdlet issued
et-ServerComponentState Exchange cmdlet issued
et-ServerMonitor Exchange cmdlet issued
et-SiteMailbox Exchange cmdlet issued
et-SiteMailboxProvisioningPolicy Exchange cmdlet issued
et-TransportService Exchange cmdlet issued
et-UMCallAnsweringRule Exchange cmdlet issued
et-UMCallRouterSettings Exchange cmdlet issued
et-UMService Exchange cmdlet issued
et-UserPhoto Exchange cmdlet issued
et-WorkloadPolicy Exchange cmdlet issued
art-MailboxSearch Exchange cmdlet issued
art-MigrationBatch Exchange cmdlet issued
op-MailboxSearch Exchange cmdlet issued
op-MigrationBatch Exchange cmdlet issued
uspend-MailboxExportRequest Exchange cmdlet issued
uspend-MailboxImportRequest Exchange cmdlet issued
uspend-PublicFolderMigrationRequest Exchange cmdlet issued
est-ArchiveConnectivity Exchange cmdlet issued
est-MigrationServerAvailability Exchange cmdlet issued
est-OAuthConnectivity Exchange cmdlet issued
est-SiteMailbox Exchange cmdlet issued
pdate-HybridConfiguration Exchange cmdlet issued
pdate-PublicFolderMailbox Exchange cmdlet issued
pdate-SiteMailbox Exchange cmdlet issued
dd-AttachmentFilterEntry Exchange cmdlet issued
emove-AttachmentFilterEntry Exchange cmdlet issued
ew-AddressRewriteEntry Exchange cmdlet issued
emove-AddressRewriteEntry Exchange cmdlet issued
et-AddressRewriteEntry Exchange cmdlet issued
et-AttachmentFilterListConfig Exchange cmdlet issued
et-MailboxSentItemsConfiguration Exchange cmdlet issued
pdate-MovedMailbox Exchange cmdlet issued
sable-MalwareFilterRule Exchange cmdlet issued
nable-MalwareFilterRule Exchange cmdlet issued
ew-MalwareFilterRule Exchange cmdlet issued
emove-MalwareFilterRule Exchange cmdlet issued
et-MalwareFilterRule Exchange cmdlet issued
emove-MailboxRepairRequest Exchange cmdlet issued
emove-ServerMonitoringOverride Exchange cmdlet issued
pdate-ExchangeHelp Exchange cmdlet issued
pdate-StoreMailboxState Exchange cmdlet issued
sable-PushNotificationProxy Exchange cmdlet issued
nable-PushNotificationProxy Exchange cmdlet issued
ew-PublicFolderMoveRequest Exchange cmdlet issued
emove-PublicFolderMoveRequest Exchange cmdlet issued
esume-PublicFolderMoveRequest Exchange cmdlet issued
et-PublicFolderMoveRequest Exchange cmdlet issued
uspend-PublicFolderMoveRequest Exchange cmdlet issued
pdate-DatabaseSchema Exchange cmdlet issued
et-SearchDocumentFormat Exchange cmdlet issued
ew-AuthRedirect Exchange cmdlet issued
ew-CompliancePolicySyncNotification Exchange cmdlet issued
ew-ComplianceServiceVirtualDirectory Exchange cmdlet issued
ew-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
ew-DataClassification Exchange cmdlet issued
ew-Fingerprint Exchange cmdlet issued
ew-IntraOrganizationConnector Exchange cmdlet issued
ew-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
ew-MapiVirtualDirectory Exchange cmdlet issued
ew-OutlookServiceVirtualDirectory Exchange cmdlet issued
ew-RestVirtualDirectory Exchange cmdlet issued
ew-SearchDocumentFormat Exchange cmdlet issued
ew-SettingOverride Exchange cmdlet issued
ew-SiteMailbox Exchange cmdlet issued
emove-AuthRedirect Exchange cmdlet issued
emove-CompliancePolicySyncNotification Exchange cmdlet issued
emove-ComplianceServiceVirtualDirectory Exchange cmdlet issued
emove-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
emove-DataClassification Exchange cmdlet issued
emove-IntraOrganizationConnector Exchange cmdlet issued
emove-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
emove-MapiVirtualDirectory Exchange cmdlet issued
emove-OutlookServiceVirtualDirectory Exchange cmdlet issued
emove-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
emove-PushNotificationSubscription Exchange cmdlet issued
emove-RestVirtualDirectory Exchange cmdlet issued
emove-SearchDocumentFormat Exchange cmdlet issued
emove-SettingOverride Exchange cmdlet issued
emove-SyncMailPublicFolder Exchange cmdlet issued
esume-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
end-MapiSubmitSystemProbe Exchange cmdlet issued
et-AuthRedirect Exchange cmdlet issued
et-ClientAccessService Exchange cmdlet issued
et-Clutter Exchange cmdlet issued
et-ComplianceServiceVirtualDirectory Exchange cmdlet issued
et-ConsumerMailbox Exchange cmdlet issued
et-DatabaseAvailabilityGroupConfiguration Exchange cmdlet issued
et-DataClassification Exchange cmdlet issued
et-IntraOrganizationConnector Exchange cmdlet issued
et-LogExportVirtualDirectory Exchange cmdlet issued
et-MailboxDeliveryVirtualDirectory Exchange cmdlet issued
et-MapiVirtualDirectory Exchange cmdlet issued
et-OutlookServiceVirtualDirectory Exchange cmdlet issued
et-PublicFolderMailboxMigrationRequest Exchange cmdlet issued
et-RestVirtualDirectory Exchange cmdlet issued
et-SettingOverride Exchange cmdlet issued
et-SmimeConfig Exchange cmdlet issued
et-SubmissionMalwareFilteringServer Exchange cmdlet issued
et-UMMailboxConfiguration Exchange cmdlet issued
et-UnifiedAuditSetting Exchange cmdlet issued
art-AuditAssistant Exchange cmdlet issued
art-UMPhoneSession Exchange cmdlet issued
op-UMPhoneSession Exchange cmdlet issued
est-DataClassification Exchange cmdlet issued
est-TextExtraction Exchange cmdlet issued
te collection audit policy changed
udit policy changed
ocument checked in
ocument checked out
hild object deleted
hild object moved
bject copied
ustom event
bject deleted
harePoint audit logs deleted
bject moved
bject profile changed
harePoint object structure changed
earch performed
harePoint group created
harePoint group deleted
harePoint group member added
harePoint group member removed
nique permissions created
nique permissions removed
ermissions updated
ermissions removed
nique permission levels created
ermission level created
ermission level deleted
ermission level modified
harePoint site collection administrator added
harePoint site collection administrator removed
bject restored
te collection updated
eb updated
ocument library updated
ocument updated
st updated
st item updated
older updated
ocument viewed
ocument library viewed
st viewed
bject viewed
orkflow accessed
formation management policy created
formation management policy changed
te collection information management policy created
te collection information management policy changed
port of objects started
port of objects completed
mport of objects started
mport of objects completed
ossible tampering warning
etention policy processed
ocument fragment updated
ontent type imported
formation management policy deleted
em declared as a record
em undeclared as a record
etwrix SharePoint Audit Event
QL audit event
gin succeeded (action_id LGIS)
gout succeeded (action_id LGO)
gin failed (action_id LGIF)
hange own password succeeded (action_id PWCS; class_type LX)
hange own password failed (action_id PWCS; class_type LX)
hange password succeeded (action_id PWC class_type LX)
hange password failed (action_id PWC class_type LX)
eset own password succeeded (action_id PWRS; class_type LX)
eset own password failed (action_id PWRS; class_type LX)
eset password succeeded (action_id PWR; class_type LX)
eset password failed (action_id PWR; class_type LX)
ust change password (action_id PWMC)
ccount unlocked (action_id PWU)
hange application role password succeeded (action_id PWC; class_type AR)
hange application role password failed (action_id PWC class_type AR)
dd member to server role succeeded (action_id APRL class_type SG)
dd member to server role failed (action_id APRL class_type SG)
emove member from server role succeeded (action_id DPRL class_type SG)
emove member from server role failed (action_id DPRL class_type SG)
dd member to database role succeeded (action_id APRL class_type RL)
dd member to database role failed (action_id APRL class_type RL)
emove member from database role succeeded (action_id DPRL class_type RL)
emove member from database role failed (action_id DPRL class_type RL)
sued database backup command (action_id BA class_type DB)
sued transaction log backup command (action_id BAL)
sued database restore command (action_id RS class_type DB)
sued transaction log restore command (action_id RS class_type DB)
sued database console command (action_id DBCC)
sued a bulk administration command (action_id ADBO)
sued an alter connection command (action_id ALCN)
sued an alter resources command (action_id ALRS)
sued an alter server state command (action_id ALSS)
sued an alter server settings command (action_id ALST)
sued a view server state command (action_id VSST)
sued an external access assembly command (action_id XA)
sued an unsafe assembly command (action_id XU)
sued an alter resource governor command (action_id ALRS class_type RG)
sued a database authenticate command (action_id AUTH)
sued a database checkpoint command (action_id CP)
sued a database show plan command (action_id SPLN)
sued a subscribe to query information command (action_id SUQN)
sued a view database state command (action_id VDST)
sued a change server audit command (action_id AL class_type A)
sued a change server audit specification command (action_id AL class_type SA)
sued a change database audit specification command (action_id AL class_type DA)
sued a create server audit command (action_id CR class_type A)
sued a create server audit specification command (action_id CR class_type SA)
sued a create database audit specification command (action_id CR class_type DA)
sued a delete server audit command (action_id DR class_type A)
sued a delete server audit specification command (action_id DR class_type SA)
sued a delete database audit specification command (action_id DR class_type DA)
udit failure (action_id AUSF)
udit session changed (action_id AUSC)
arted SQL server (action_id SVSR)
aused SQL server (action_id SVPD)
esumed SQL server (action_id SVCN)
opped SQL server (action_id SVSD)
sued a create server object command (action_id CR; class_type AG, EP, SD, SE, T)
sued a change server object command (action_id AL; class_type AG, EP, SD, SE, T)
sued a delete server object command (action_id DR; class_type AG, EP, SD, SE, T)
sued a create server setting command (action_id CR class_type SR)
sued a change server setting command (action_id AL class_type SR)
sued a delete server setting command (action_id DR class_type SR)
sued a create server cryptographic provider command (action_id CR class_type CP)
sued a delete server cryptographic provider command (action_id DR class_type CP)
sued a change server cryptographic provider command (action_id AL class_type CP)
sued a create server credential command (action_id CR class_type CD)
sued a delete server credential command (action_id DR class_type CD)
sued a change server credential command (action_id AL class_type CD)
sued a change server master key command (action_id AL class_type MK)
sued a back up server master key command (action_id BA class_type MK)
sued a restore server master key command (action_id RS class_type MK)
sued a map server credential to login command (action_id CMLG)
sued a remove map between server credential and login command (action_id NMLG)
sued a create server principal command (action_id CR class_type LX, SL)
sued a delete server principal command (action_id DR class_type LX, SL)
sued a change server principal credentials command (action_id CCLG)
sued a disable server principal command (action_id LGDA)
sued a change server principal default database command (action_id LGDB)
sued an enable server principal command (action_id LGEA)
sued a change server principal default language command (action_id LGLG)
sued a change server principal password expiration command (action_id PWEX)
sued a change server principal password policy command (action_id PWPL)
sued a change server principal name command (action_id LGNM)
sued a create database command (action_id CR class_type DB)
sued a change database command (action_id AL class_type DB)
sued a delete database command (action_id DR class_type DB)
sued a create certificate command (action_id CR class_type CR)
sued a change certificate command (action_id AL class_type CR)
sued a delete certificate command (action_id DR class_type CR)
sued a back up certificate command (action_id BA class_type CR)
sued an access certificate command (action_id AS class_type CR)
sued a create asymmetric key command (action_id CR class_type AK)
sued a change asymmetric key command (action_id AL class_type AK)
sued a delete asymmetric key command (action_id DR class_type AK)
sued an access asymmetric key command (action_id AS class_type AK)
sued a create database master key command (action_id CR class_type MK)
sued a change database master key command (action_id AL class_type MK)
sued a delete database master key command (action_id DR class_type MK)
sued a back up database master key command (action_id BA class_type MK)
sued a restore database master key command (action_id RS class_type MK)
sued an open database master key command (action_id OP class_type MK)
sued a create database symmetric key command (action_id CR class_type SK)
sued a change database symmetric key command (action_id AL class_type SK)
sued a delete database symmetric key command (action_id DR class_type SK)
sued a back up database symmetric key command (action_id BA class_type SK)
sued an open database symmetric key command (action_id OP class_type SK)
sued a create database object command (action_id CR)
sued a change database object command (action_id AL)
sued a delete database object command (action_id DR)
sued an access database object command (action_id AS)
sued a create assembly command (action_id CR class_type AS)
sued a change assembly command (action_id AL class_type AS)
sued a delete assembly command (action_id DR class_type AS)
sued a create schema command (action_id CR class_type SC)
sued a change schema command (action_id AL class_type SC)
sued a delete schema command (action_id DR class_type SC)
sued a create database encryption key command (action_id CR class_type DK)
sued a change database encryption key command (action_id AL class_type DK)
sued a delete database encryption key command (action_id DR class_type DK)
sued a create database user command (action_id CR; class_type US)
sued a change database user command (action_id AL; class_type US)
sued a delete database user command (action_id DR; class_type US)
sued a create database role command (action_id CR class_type RL)
sued a change database role command (action_id AL class_type RL)
sued a delete database role command (action_id DR class_type RL)
sued a create application role command (action_id CR class_type AR)
sued a change application role command (action_id AL class_type AR)
sued a delete application role command (action_id DR class_type AR)
sued a change database user login command (action_id USAF)
sued an auto-change database user login command (action_id USLG)
sued a create schema object command (action_id CR class_type D)
sued a change schema object command (action_id AL class_type D)
sued a delete schema object command (action_id DR class_type D)
sued a transfer schema object command (action_id TRO class_type D)
sued a create schema type command (action_id CR class_type TY)
sued a change schema type command (action_id AL class_type TY)
sued a delete schema type command (action_id DR class_type TY)
sued a transfer schema type command (action_id TRO class_type TY)
sued a create XML schema collection command (action_id CR class_type SX)
sued a change XML schema collection command (action_id AL class_type SX)
sued a delete XML schema collection command (action_id DR class_type SX)
sued a transfer XML schema collection command (action_id TRO class_type SX)
sued an impersonate within server scope command (action_id IMP; class_type LX)
sued an impersonate within database scope command (action_id IMP; class_type US)
sued a change server object owner command (action_id TO class_type SG)
sued a change database owner command (action_id TO class_type DB)
sued a change schema owner command (action_id TO class_type SC)
sued a change role owner command (action_id TO class_type RL)
sued a change database object owner command (action_id TO)
sued a change symmetric key owner command (action_id TO class_type SK)
sued a change certificate owner command (action_id TO class_type CR)
sued a change asymmetric key owner command (action_id TO class_type AK)
sued a change schema object owner command (action_id TO class_type OB)
sued a change schema type owner command (action_id TO class_type TY)
sued a change XML schema collection owner command (action_id TO class_type SX)
rant server permissions succeeded (action_id G class_type SR)
rant server permissions failed (action_id G class_type SR)
rant server permissions with grant succeeded (action_id GWG class_type SR)
rant server permissions with grant failed (action_id GWG class_type SR)
eny server permissions succeeded (action_id D class_type SR)
eny server permissions failed (action_id D class_type SR)
eny server permissions with cascade succeeded (action_id DWC class_type SR)
eny server permissions with cascade failed (action_id DWC class_type SR)
evoke server permissions succeeded (action_id R class_type SR)
evoke server permissions failed (action_id R class_type SR)
evoke server permissions with grant succeeded (action_id RWG class_type SR)
evoke server permissions with grant failed (action_id RWG class_type SR)
evoke server permissions with cascade succeeded (action_id RWC class_type SR)
evoke server permissions with cascade failed (action_id RWC class_type SR)
sued grant server object permissions command (action_id G; class_type LX)
sued grant server object permissions with grant command (action_id GWG; class_type LX)
sued deny server object permissions command (action_id D; class_type LX)
sued deny server object permissions with cascade command (action_id DWC; class_type LX)
sued revoke server object permissions command (action_id R; class_type LX)
sued revoke server object permissions with grant command (action_id; RWG class_type LX)
sued revoke server object permissions with cascade command (action_id RWC; class_type LX)
rant database permissions succeeded (action_id G class_type DB)
rant database permissions failed (action_id G class_type DB)
rant database permissions with grant succeeded (action_id GWG class_type DB)
rant database permissions with grant failed (action_id GWG class_type DB)
eny database permissions succeeded (action_id D class_type DB)
eny database permissions failed (action_id D class_type DB)
eny database permissions with cascade succeeded (action_id DWC class_type DB)
eny database permissions with cascade failed (action_id DWC class_type DB)
evoke database permissions succeeded (action_id R class_type DB)
evoke database permissions failed (action_id R class_type DB)
evoke database permissions with grant succeeded (action_id RWG class_type DB)
evoke database permissions with grant failed (action_id RWG class_type DB)
evoke database permissions with cascade succeeded (action_id RWC class_type DB)
evoke database permissions with cascade failed (action_id RWC class_type DB)
sued grant database object permissions command (action_id G class_type US)
sued grant database object permissions with grant command (action_id GWG; class_type US)
sued deny database object permissions command (action_id D; class_type US)
sued deny database object permissions with cascade command (action_id DWC; class_type US)
sued revoke database object permissions command (action_id R; class_type US)
sued revoke database object permissions with grant command (action_id RWG; class_type US)
sued revoke database object permissions with cascade command (action_id RWC; class_type US)
sued grant schema permissions command (action_id G class_type SC)
sued grant schema permissions with grant command (action_id GWG class_type SC)
sued deny schema permissions command (action_id D class_type SC)
sued deny schema permissions with cascade command (action_id DWC class_type SC)
sued revoke schema permissions command (action_id R class_type SC)
sued revoke schema permissions with grant command (action_id RWG class_type SC)
sued revoke schema permissions with cascade command (action_id RWC class_type SC)
sued grant assembly permissions command (action_id G class_type AS)
sued grant assembly permissions with grant command (action_id GWG class_type AS)
sued deny assembly permissions command (action_id D class_type AS)
sued deny assembly permissions with cascade command (action_id DWC class_type AS)
sued revoke assembly permissions command (action_id R class_type AS)
sued revoke assembly permissions with grant command (action_id RWG class_type AS)
sued revoke assembly permissions with cascade command (action_id RWC class_type AS)
sued grant database role permissions command (action_id G class_type RL)
sued grant database role permissions with grant command (action_id GWG class_type RL)
sued deny database role permissions command (action_id D class_type RL)
sued deny database role permissions with cascade command (action_id DWC class_type RL)
sued revoke database role permissions command (action_id R class_type RL)
sued revoke database role permissions with grant command (action_id RWG class_type RL)
sued revoke database role permissions with cascade command (action_id RWC class_type RL)
sued grant application role permissions command (action_id G class_type AR)
sued grant application role permissions with grant command (action_id GWG class_type AR)
sued deny application role permissions command (action_id D class_type AR)
sued deny application role permissions with cascade command (action_id DWC class_type AR)
sued revoke application role permissions command (action_id R class_type AR)
sued revoke application role permissions with grant command (action_id RWG class_type AR)
sued revoke application role permissions with cascade command (action_id RWC class_type AR)
sued grant symmetric key permissions command (action_id G class_type SK)
sued grant symmetric key permissions with grant command (action_id GWG class_type SK)
sued deny symmetric key permissions command (action_id D class_type SK)
sued deny symmetric key permissions with cascade command (action_id DWC class_type SK)
sued revoke symmetric key permissions command (action_id R class_type SK)
sued revoke symmetric key permissions with grant command (action_id RWG class_type SK)
sued revoke symmetric key permissions with cascade command (action_id RWC class_type SK)
sued grant certificate permissions command (action_id G class_type CR)
sued grant certificate permissions with grant command (action_id GWG class_type CR)
sued deny certificate permissions command (action_id D class_type CR)
sued deny certificate permissions with cascade command (action_id DWC class_type CR)
sued revoke certificate permissions command (action_id R class_type CR)
sued revoke certificate permissions with grant command (action_id RWG class_type CR)
sued revoke certificate permissions with cascade command (action_id RWC class_type CR)
sued grant asymmetric key permissions command (action_id G class_type AK)
sued grant asymmetric key permissions with grant command (action_id GWG class_type AK)
sued deny asymmetric key permissions command (action_id D class_type AK)
sued deny asymmetric key permissions with cascade command (action_id DWC class_type AK)
sued revoke asymmetric key permissions command (action_id R class_type AK)
sued revoke asymmetric key permissions with grant command (action_id RWG class_type AK)
sued revoke asymmetric key permissions with cascade command (action_id RWC class_type AK)
sued grant schema object permissions command (action_id G class_type OB)
sued grant schema object permissions with grant command (action_id GWG class_type OB)
sued deny schema object permissions command (action_id D class_type OB)
sued deny schema object permissions with cascade command (action_id DWC class_type OB)
sued revoke schema object permissions command (action_id R class_type OB)
sued revoke schema object permissions with grant command (action_id RWG class_type OB)
sued revoke schema object permissions with cascade command (action_id RWC class_type OB)
sued grant schema type permissions command (action_id G class_type TY)
sued grant schema type permissions with grant command (action_id GWG class_type TY)
sued deny schema type permissions command (action_id D class_type TY)
sued deny schema type permissions with cascade command (action_id DWC class_type TY)
sued revoke schema type permissions command (action_id R class_type TY)
sued revoke schema type permissions with grant command (action_id RWG class_type TY)
sued revoke schema type permissions with cascade command (action_id RWC class_type TY)
sued grant XML schema collection permissions command (action_id G class_type SX)
sued grant XML schema collection permissions with grant command (action_id GWG class_type SX)
sued deny XML schema collection permissions command (action_id D class_type SX)
sued deny XML schema collection permissions with cascade command (action_id DWC class_type SX)
sued revoke XML schema collection permissions command (action_id R class_type SX)
sued revoke XML schema collection permissions with grant command (action_id RWG class_type SX)
sued revoke XML schema collection permissions with cascade command (action_id RWC class_type SX)
sued reference database object permissions command (action_id RF)
sued send service request command (action_id SN)
sued check permissions with schema command (action_id VWCT)
sued use service broker transport security command (action_id LGB)
sued use database mirroring transport security command (action_id LGM)
sued alter trace command (action_id ALTR)
sued start trace command (action_id TASA)
sued stop trace command (action_id TASP)
sued enable trace C2 audit mode command (action_id C2ON)
sued disable trace C2 audit mode command (action_id C2OF)
sued server full-text command (action_id FT)
sued select command (action_id SL)
sued update command (action_id UP)
sued insert command (action_id IN)
sued delete command (action_id DL)
sued execute command (action_id EX)
sued receive command (action_id RC)
sued check references command (action_id RF)
sued a create user-defined server role command (action_id CR class_type SG
sued a change user-defined server role command (action_id AL class_type SG)
sued a delete user-defined server role command (action_id DR class_type SG)
sued grant user-defined server role permissions command (action_id G class_type SG)
sued grant user-defined server role permissions with grant command (action_id GWG class_type SG)
sued deny user-defined server role permissions command (action_id D class_type SG)
sued deny user-defined server role permissions with cascade command (action_id DWC class_type SG)
sued revoke user-defined server role permissions command (action_id R class_type SG)
sued revoke user-defined server role permissions with grant command (action_id RWG class_type SG)
sued revoke user-defined server role permissions with cascade command (action_id RWC class_type SG)
atabase login succeeded (action_id DBAS)
atabase login failed (action_id DBAF)
atabase logout successful (action_id DAGL)
hange password succeeded (action_id PWC; class_type US)
hange password failed (action_id PWC; class_type US)
hange own password succeeded (action_id PWCS; class_type US)
hange own password failed (action_id PWCS; class_type US)
eset own password succeeded (action_id PWRS; class_type US)
eset own password failed (action_id PWRS; class_type US)
eset password succeeded (action_id PWR; class_type US)
eset password failed (action_id PWR; class_type US)
opy password (action_id USTC)
ser-defined SQL audit event (action_id UDAU)
sued a change database audit command (action_id AL class_type DU)
sued a create database audit command (action_id CR class_type DU)
sued a delete database audit command (action_id DR class_type DU)
sued a begin transaction command (action_id TXBG)
sued a commit transaction command (action_id TXCM)
sued a rollback transaction command (action_id TXRB)
sued a create column master key command (action_id CR; class_type CM)
sued a delete column master key command (action_id DR; class_type CM)
column master key was viewed (action_id VW; class_type CM)
sued a create column encryption key command (action_id CR; class_type CK)
sued a change column encryption key command (action_id AL; class_type CK)
sued a delete column encryption key command (action_id DR; class_type CK)
column encryption key was viewed (action_id VW; class_type CK)
sued a create database credential command (action_id CR; class_type DC)
sued a change database credential command (action_id AL; class_type DC)
sued a delete database credential command (action_id DR; class_type DC)
sued a change database scoped configuration command (action_id AL; class_type DS)
sued a create external data source command (action_id CR; class_type ED)
sued a change external data source command (action_id AL; class_type ED)
sued a delete external data source command (action_id DR; class_type ED)
sued a create external file format command (action_id CR; class_type EF)
sued a delete external file format command (action_id DR; class_type EF)
sued a create external resource pool command (action_id CR; class_type ER)
sued a change external resource pool command (action_id AL; class_type ER)
sued a delete external resource pool command (action_id DR; class_type ER)
obal transaction login (action_id LGG)
rant permissions on a database scoped credential succeeded (action_id G; class_type DC)
rant permissions on a database scoped credential failed (action_id G; class_type DC)
rant permissions on a database scoped credential with grant succeeded (action_id GWG; class_type DC)
rant permissions on a database scoped credential with grant failed (action_id GWG; class_type DC)
eny permissions on a database scoped credential succeeded (action_id D; class_type DC)
eny permissions on a database scoped credential failed (action_id D; class_type DC)
eny permissions on a database scoped credential with cascade succeeded (action_id DWC; class_type DC)
eny permissions on a database scoped credential with cascade failed (action_id DWC; class_type DC)
evoke permissions on a database scoped credential succeeded (action_id R; class_type DC)
evoke permissions on a database scoped credential failed (action_id R; class_type DC)
evoke permissions with cascade on a database scoped credential succeeded (action_id RWC; class_type DC)
sued a change assembly owner command (action_id TO class_type AS)
evoke permissions with cascade on a database scoped credential failed (action_id RWC; class_type DC)
evoke permissions with grant on a database scoped credential succeeded (action_id RWG; class_type DC)
evoke permissions with grant on a database scoped credential failed (action_id RWG; class_type DC)
sued a change database scoped credential owner command (action_id TO; class_type DC)
sued a create external library command (action_id CR; class_type EL)
sued a change external library command (action_id AL; class_type EL)
sued a drop external library command (action_id DR; class_type EL)
rant permissions on an external library succeeded (action_id G; class_type EL)
rant permissions on an external library failed (action_id G; class_type EL)
rant permissions on an external library with grant succeeded (action_id GWG; class_type EL)
rant permissions on an external library with grant failed (action_id GWG; class_type EL)
eny permissions on an external library succeeded (action_id D; class_type EL)
eny permissions on an external library failed (action_id D; class_type EL)
eny permissions on an external library with cascade succeeded (action_id DWC; class_type EL)
eny permissions on an external library with cascade failed (action_id DWC; class_type EL)
evoke permissions on an external library succeeded (action_id R; class_type EL)
evoke permissions on an external library failed (action_id R; class_type EL)
evoke permissions with cascade on an external library succeeded (action_id RWC; class_type EL)
evoke permissions with cascade on an external library failed (action_id RWC; class_type EL)
evoke permissions with grant on an external library succeeded (action_id RWG; class_type EL)
evoke permissions with grant on an external library failed (action_id RWG; class_type EL)
sued a create database scoped resource governor command (action_id CR; class_type DR)
sued a change database scoped resource governor command (action_id AL; class_type DR)
sued a drop database scoped resource governor command (action_id DR; class_type DR)
sued a database bulk administration command (action_id DABO; class_type DB)
ommand to change permission failed (action_id D, DWC, G, GWG, R, RWC, RWG; class_type DC, EL)
ocess creation
process changed a file creation time
etwork connection
smon service state changed
ocess terminated
river loaded
mage loaded
eateRemoteThread
awAccessRead
ocessAccess

egistryEvent (Object create and delete)

egistryEvent (Value Set)
egistryEvent (Key and Value Rename)
eCreateStreamHash
smon config state changed
pe created
pe connected
miEventFilter activity detected
miEventConsumer activity detected
miEventConsumerToFilter activity detected

ipboardChange

indows NT is starting up
indows is shutting down
n authentication package has been loaded by the Local Security Authority
trusted logon process has registered with the Local Security Authority
ternal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits
he audit log was cleared
notification package has been loaded by the Security Account Manager
process is using an invalid local procedure call (LPC) port
he system time was changed
nable to log events to security log
uccessful Logon
gon Failure - Unknown user name or bad password
gon Failure - Account logon time restriction violation
gon Failure - Account currently disabled
gon Failure - The specified user account has expired
gon Failure - User not allowed to logon at this computer
gon Failure - The user has not been granted the requested logon type at this machine
gon Failure - The specified account's password has expired
gon Failure - The NetLogon component is not active
gon failure - The logon attempt failed for other reasons.
ser Logoff
gon Failure - Account locked out
uccessful Network Logon
ser initiated logoff
gon attempt using explicit credentials
bject Open
andle Allocated
andle Closed
bject Open for Delete
bject Deleted
bject Open (Active Directory)
bject Operation (W3 Active Directory)
bject Access Attempt
pecial privileges assigned to new logon
ivileged Service Called
ivileged object operation
new process has been created
process has exited
 handle to an object has been duplicated
direct access to an object has been obtained
ackup of data protection master key
process was assigned a primary token
ttempt to install service
heduled Task created
ser Right Assigned
ser Right Removed
ew Trusted Domain
emoving Trusted Domain
udit Policy Change
Sec policy agent started
Sec policy agent disabled
SEC PolicyAgent Service
Sec policy agent encountered a potentially serious failure.
erberos Policy Changed
ncrypted Data Recovery Policy Changed
uality of Service Policy Changed
usted Domain Information Modified
stem Security Access Granted
stem Security Access Removed
er User Audit Policy was refreshed
ser Account Created
ser Account Type Changed
ser Account Enabled
hange Password Attempt
ser Account password set
ser Account Disabled
ser Account Deleted
ecurity Enabled Global Group Created
ecurity Enabled Global Group Member Added
ecurity Enabled Global Group Member Removed
ecurity Enabled Global Group Deleted
ecurity Enabled Local Group Created
ecurity Enabled Local Group Member Added
ecurity Enabled Local Group Member Removed
ecurity Enabled Local Group Deleted
ecurity Enabled Local Group Changed
eneral Account Database Change
ecurity Enabled Global Group Changed
ser Account Changed
omain Policy Changed
ser Account Locked Out
omputer Account Created
omputer Account Changed
omputer Account Deleted
ecurity Disabled Local Group Created
ecurity Disabled Local Group Changed
ecurity Disabled Local Group Member Added
ecurity Disabled Local Group Member Removed
ecurity Disabled Local Group Deleted
ecurity Disabled Global Group Created
ecurity Disabled Global Group Changed
ecurity Disabled Global Group Member Added
ecurity Disabled Global Group Member Removed
ecurity Disabled Global Group Deleted
ecurity Enabled Universal Group Created
ecurity Enabled Universal Group Changed
ecurity Enabled Universal Group Member Added
ecurity Enabled Universal Group Member Removed
ecurity Enabled Universal Group Deleted
ecurity Disabled Universal Group Created
ecurity Disabled Universal Group Changed
ecurity Disabled Universal Group Member Added
ecurity Disabled Universal Group Member Removed
ecurity Disabled Universal Group Deleted
roup Type Changed
dd SID History
dd SID History
ser Account Unlocked
uthentication Ticket Granted
ervice Ticket Granted
cket Granted Renewed
e-authentication failed
uthentication Ticket Request Failed
ervice Ticket Request Failed
ccount Mapped for Logon by
he name: %2 could not be mapped for logon by: %1
ccount Used for Logon by
he logon to account: %2 by: %1 from workstation: %3 failed.
ession reconnected to winstation
ession disconnected from winstation
et ACLs of members in administrators groups
ccount Name Changed
assword of the following user accessed
asic Application Group Created
asic Application Group Changed
asic Application Group Member Added
asic Application Group Member Removed
asic Application Group Non-Member Added
asic Application Group Non-Member Removed
asic Application Group Deleted
DAP Query Group Created
DAP Query Group Changed
DAP Query Group Deleted
assword Policy Checking API is called
er User Audit Policy was refreshed
er user auditing policy set for user
security event source has attempted to register
security event source has attempted to unregister
he following policy was active when the Windows Firewall started
n application was listed as an exception when the Windows Firewall started
port was listed as an exception when the Windows Firewall started
change has been made to the Windows Firewall application exception list
change has been made to the Windows Firewall port exception list
he Windows Firewall operational mode has changed
he Windows Firewall logging settings have changed
Windows Firewall ICMP setting has changed
he Windows Firewall setting to allow unicast responses to multicast/broadcast traffic has changed
he Windows Firewall setting to allow remote administration, allowing port TCP 135 and DCOM/RPC, has changed
indows Firewall group policy settings have been applied
he Windows Firewall group policy settings have been removed
he Windows Firewall has switched the active policy profile
he Windows Firewall has detected an application listening for incoming traffic
he event logging service has shut down
udit events have been dropped by the transport.
he audit log was cleared
he security Log is now full
ent log automatic backup
he event logging service encountered an error
indows is starting up
indows is shutting down
n authentication package has been loaded by the Local Security Authority
trusted logon process has been registered with the Local Security Authority
ternal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
notification package has been loaded by the Security Account Manager.
valid use of LPC port
he system time was changed.
monitored security event pattern has occurred
dministrator recovered system from CrashOnAuditFail
security package has been loaded by the Local Security Authority.
n account was successfully logged on
n account failed to log on
ser/Device claims information
roup membership information.
n account was logged off
E DoS-prevention mode started
ser initiated logoff
logon was attempted using explicit credentials
replay attack was detected
n IPsec Main Mode security association was established
n IPsec Main Mode security association was established
n IPsec Main Mode negotiation failed
n IPsec Main Mode negotiation failed
n IPsec Quick Mode negotiation failed
n IPsec Main Mode security association ended
handle to an object was requested
registry value was modified
he handle to an object was closed
handle to an object was requested with intent to delete
n object was deleted
handle to an object was requested
n operation was performed on an object
n attempt was made to access an object
n attempt was made to create a hard link
n attempt was made to create an application client context.
n application attempted an operation
n application client context was deleted
n application was initialized
ermissions on an object were changed
n application attempted to access a blocked ordinal through the TBS
pecial privileges assigned to new logon
privileged service was called
n operation was attempted on a privileged object
Ds were filtered
new process has been created
process has exited
n attempt was made to duplicate a handle to an object
direct access to an object was requested
ackup of data protection master key was attempted
ecovery of data protection master key was attempted
otection of auditable protected data was attempted
nprotection of auditable protected data was attempted
primary token was assigned to process
service was installed in the system
scheduled task was created
scheduled task was deleted
scheduled task was enabled
scheduled task was disabled
scheduled task was updated
token right was adjusted
user right was assigned
user right was removed
new trust was created to a domain
trust to a domain was removed
sec Services was started
sec Services was disabled
AStore Engine (1%)
sec Services encountered a potentially serious failure
erberos policy was changed
ncrypted data recovery policy was changed
he audit policy (SACL) on an object was changed
usted domain information was modified
stem security access was granted to an account
stem security access was removed from an account
stem audit policy was changed
user account was created
user account was enabled
n attempt was made to change an account's password
n attempt was made to reset an accounts password
user account was disabled
user account was deleted
security-enabled global group was created
member was added to a security-enabled global group
member was removed from a security-enabled global group
security-enabled global group was deleted
security-enabled local group was created
member was added to a security-enabled local group
member was removed from a security-enabled local group
security-enabled local group was deleted
security-enabled local group was changed
security-enabled global group was changed
user account was changed
omain Policy was changed
user account was locked out
computer account was created
computer account was changed
computer account was deleted
security-disabled local group was created
security-disabled local group was changed
member was added to a security-disabled local group
member was removed from a security-disabled local group
security-disabled local group was deleted
security-disabled global group was created
security-disabled global group was changed
member was added to a security-disabled global group
member was removed from a security-disabled global group
security-disabled global group was deleted
security-enabled universal group was created
security-enabled universal group was changed
member was added to a security-enabled universal group
member was removed from a security-enabled universal group
security-enabled universal group was deleted
security-disabled universal group was created
security-disabled universal group was changed
member was added to a security-disabled universal group
member was removed from a security-disabled universal group
security-disabled universal group was deleted
groups type was changed
D History was added to an account
n attempt to add SID History to an account failed
user account was unlocked
Kerberos authentication ticket (TGT) was requested
Kerberos service ticket was requested
Kerberos service ticket was renewed
erberos pre-authentication failed
Kerberos authentication ticket request failed
Kerberos service ticket request failed
n account was mapped for logon
n account could not be mapped for logon
he domain controller attempted to validate the credentials for an account
he domain controller failed to validate the credentials for an account
session was reconnected to a Window Station
session was disconnected from a Window Station
he ACL was set on accounts which are members of administrators groups
he name of an account was changed
he password hash an account was accessed
basic application group was created
basic application group was changed
member was added to a basic application group
member was removed from a basic application group
non-member was added to a basic application group
non-member was removed from a basic application group..
basic application group was deleted
n LDAP query group was created
basic application group was changed
n LDAP query group was deleted
he Password Policy Checking API was called
n attempt was made to set the Directory Services Restore Mode administrator password
n attempt was made to query the existence of a blank password for an account
user's local group membership was enumerated.
security-enabled local group membership was enumerated
he workstation was locked
he workstation was unlocked
he screen saver was invoked
he screen saver was dismissed
PC detected an integrity violation while decrypting an incoming message
uditing settings on object were changed.
oposed Central Access Policy does not grant the same access permissions as the current Central Access Policy
entral Access Policies on the machine have been changed
Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions
Kerberos service ticket was denied because the user, device, or both does not meet the access control restrictions
TLM authentication failed because the account was a member of the Protected User group
TLM authentication failed because access control restrictions are required
erberos preauthentication by using DES or RC4 failed because the account was a member of the Protected User group
user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are members of the Remote Desk
oot Configuration Data loaded
D History was removed from an account
 namespace collision was detected
trusted forest information entry was added
trusted forest information entry was removed
trusted forest information entry was modified
he certificate manager denied a pending certificate request
ertificate Services received a resubmitted certificate request
ertificate Services revoked a certificate
ertificate Services received a request to publish the certificate revocation list (CRL)
ertificate Services published the certificate revocation list (CRL)
certificate request extension changed
ne or more certificate request attributes changed.
ertificate Services received a request to shut down
ertificate Services backup started
ertificate Services backup completed
ertificate Services restore started
ertificate Services restore completed
ertificate Services started
ertificate Services stopped
he security permissions for Certificate Services changed
ertificate Services retrieved an archived key
ertificate Services imported a certificate into its database
he audit filter for Certificate Services changed
ertificate Services received a certificate request
ertificate Services approved a certificate request and issued a certificate
ertificate Services denied a certificate request
ertificate Services set the status of a certificate request to pending
he certificate manager settings for Certificate Services changed.
configuration entry changed in Certificate Services
property of Certificate Services changed
ertificate Services archived a key
ertificate Services imported and archived a key
ertificate Services published the CA certificate to Active Directory Domain Services
ne or more rows have been deleted from the certificate database
ole separation enabled
ertificate Services loaded a template
Certificate Services template was updated
ertificate Services template security was updated
he Per-user audit policy table was created
n attempt was made to register a security event source
n attempt was made to unregister a security event source
he CrashOnAuditFail value has changed
uditing settings on object were changed
pecial Groups Logon table modified
he local policy settings for the TBS were changed
he group policy settings for the TBS were changed
esource attributes of the object were changed
er User Audit Policy was changed
entral Access Policy on the object was changed
n Active Directory replica source naming context was established
n Active Directory replica source naming context was removed
n Active Directory replica source naming context was modified
n Active Directory replica destination naming context was modified
nchronization of a replica of an Active Directory naming context has begun
nchronization of a replica of an Active Directory naming context has ended
ttributes of an Active Directory object were replicated
eplication failure begins
eplication failure ends
lingering object was removed from a replica
he following policy was active when the Windows Firewall started
rule was listed when the Windows Firewall started
change has been made to Windows Firewall exception list. A rule was added
change has been made to Windows Firewall exception list. A rule was modified
change has been made to Windows Firewall exception list. A rule was deleted
indows Firewall settings were restored to the default values
Windows Firewall setting has changed
rule has been ignored because its major version number was not recognized by Windows Firewall
arts of a rule have been ignored because its minor version number was not recognized by Windows Firewall
rule has been ignored by Windows Firewall because it could not parse the rule
indows Firewall Group Policy settings has changed. The new settings have been applied
indows Firewall has changed the active profile
indows Firewall did not apply the following rule
indows Firewall did not apply the following rule because the rule referred to items not configured on this computer
sec dropped an inbound packet that failed an integrity check
sec dropped an inbound packet that failed a replay check
sec dropped an inbound packet that failed a replay check
sec dropped an inbound clear text packet that should have been secured
pecial groups have been assigned to a new logon
sec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
uring Main Mode negotiation, IPsec received an invalid negotiation packet.
uring Quick Mode negotiation, IPsec received an invalid negotiation packet.
uring Extended Mode negotiation, IPsec received an invalid negotiation packet.
sec Main Mode and Extended Mode security associations were established.
sec Main Mode and Extended Mode security associations were established
sec Main Mode and Extended Mode security associations were established
sec Main Mode and Extended Mode security associations were established
n IPsec Extended Mode negotiation failed
n IPsec Extended Mode negotiation failed
he state of a transaction has changed
he Windows Firewall Service has started successfully
he Windows Firewall Service has been stopped
he Windows Firewall Service was unable to retrieve the security policy from the local storage
he Windows Firewall Service was unable to parse the new security policy.
he Windows Firewall Service failed to initialize the driver
he Windows Firewall Service failed to start
he Windows Firewall Service blocked an application from accepting incoming connections on the network.
indows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network
he Windows Firewall Driver has started successfully
he Windows Firewall Driver has been stopped
he Windows Firewall Driver failed to start
he Windows Firewall Driver detected critical runtime error. Terminating
ode integrity determined that the image hash of a file is not valid
registry key was virtualized.
change has been made to IPsec settings. An Authentication Set was added.
change has been made to IPsec settings. An Authentication Set was modified
change has been made to IPsec settings. An Authentication Set was deleted
change has been made to IPsec settings. A Connection Security Rule was added
change has been made to IPsec settings. A Connection Security Rule was modified
change has been made to IPsec settings. A Connection Security Rule was deleted
change has been made to IPsec settings. A Crypto Set was added
change has been made to IPsec settings. A Crypto Set was modified
change has been made to IPsec settings. A Crypto Set was deleted
n IPsec Security Association was deleted
n attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE
file was virtualized
cryptographic self test was performed
cryptographic primitive operation failed
ey file operation
ey migration operation
erification operation failed
yptographic operation
kernel-mode cryptographic self test was performed
cryptographic provider operation was attempted
cryptographic context operation was attempted
cryptographic context modification was attempted
cryptographic function operation was attempted
cryptographic function modification was attempted
cryptographic function provider operation was attempted
cryptographic function property operation was attempted
cryptographic function property operation was attempted
ey access denied by Microsoft key distribution service
CSP Responder Service Started
CSP Responder Service Stopped
Configuration entry changed in the OCSP Responder Service
configuration entry changed in the OCSP Responder Service
security setting was updated on OCSP Responder Service
request was submitted to OCSP Responder Service
gning Certificate was automatically updated by the OCSP Responder Service
he OCSP Revocation Provider successfully updated the revocation information
directory service object was modified
directory service object was created
directory service object was undeleted
directory service object was moved
network share object was accessed
directory service object was deleted
 network share object was added.
network share object was modified
network share object was deleted.
network share object was checked to see whether client can be granted desired access
he Windows Filtering Platform has blocked a packet
more restrictive Windows Filtering Platform filter has blocked a packet
he Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be disc
he DoS attack has subsided and normal processing is being resumed.
he Windows Filtering Platform has blocked a packet.
more restrictive Windows Filtering Platform filter has blocked a packet.
he Windows Filtering Platform blocked a packet
more restrictive Windows Filtering Platform filter has blocked a packet
he Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections
he Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections
he Windows Filtering Platform has allowed a connection
he Windows Filtering Platform has blocked a connection
he Windows Filtering Platform has permitted a bind to a local port
he Windows Filtering Platform has blocked a bind to a local port
pn check for SMB/SMB2 fails.
directory service object was modified
directory service object was modified during a background cleanup task
edential Manager credentials were backed up
edential Manager credentials were restored from a backup
he requested credentials delegation was disallowed by policy
edential Manager credentials were read
ault Find Credential
ault credentials were read
ault credentials were read
he following callout was present when the Windows Filtering Platform Base Filtering Engine started
he following filter was present when the Windows Filtering Platform Base Filtering Engine started
he following provider was present when the Windows Filtering Platform Base Filtering Engine started
he following provider context was present when the Windows Filtering Platform Base Filtering Engine started
he following sub-layer was present when the Windows Filtering Platform Base Filtering Engine started
Windows Filtering Platform callout has been changed
Windows Filtering Platform filter has been changed
Windows Filtering Platform provider has been changed
Windows Filtering Platform provider context has been changed
Windows Filtering Platform sub-layer has been changed
n IPsec Quick Mode security association was established
n IPsec Quick Mode security association ended
n IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started
AStore Engine applied Active Directory storage IPsec policy on the computer
AStore Engine failed to apply Active Directory storage IPsec policy on the computer
AStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer
AStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer
AStore Engine applied local registry storage IPsec policy on the computer
AStore Engine failed to apply local registry storage IPsec policy on the computer
AStore Engine failed to apply some rules of the active IPsec policy on the computer
AStore Engine polled for changes to the active IPsec policy and detected no changes
AStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services
AStore Engine received a control for forced reloading of IPsec policy and processed the control successfully
AStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use
AStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no c
AStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes
AStore Engine loaded local storage IPsec policy on the computer
AStore Engine failed to load local storage IPsec policy on the computer
AStore Engine loaded directory storage IPsec policy on the computer
AStore Engine failed to load directory storage IPsec policy on the computer
AStore Engine failed to add quick mode filter
sec Services has started successfully
sec Services has been shut down successfully
sec Services failed to get the complete list of network interfaces on the computer
sec Services failed to initialize RPC server. IPsec Services could not be started
sec Services has experienced a critical failure and has been shut down
sec Services failed to process some IPsec filters on a plug-and-play event for network interfaces
request was made to authenticate to a wireless network
request was made to authenticate to a wired network
Remote Procedure Call (RPC) was attempted
n object in the COM+ Catalog was modified
n object was deleted from the COM+ Catalog
n object was added to the COM+ Catalog
ecurity policy in the group policy objects has been applied successfully
ne or more errors occured while processing security policy in the group policy objects
etwork Policy Server granted access to a user
etwork Policy Server denied access to a user
etwork Policy Server discarded the request for a user
etwork Policy Server discarded the accounting request for a user
etwork Policy Server quarantined a user
etwork Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy
etwork Policy Server granted full access to a user because the host met the defined health policy
etwork Policy Server locked the user account due to repeated failed authentication attempts
etwork Policy Server unlocked the user account
ode Integrity determined that the page hashes of an image file are not valid...
anchCache: Received an incorrectly formatted response while discovering availability of content.
anchCache: Received invalid data from a peer. Data discarded.
anchCache: The message to the hosted cache offering it data is incorrectly formatted.
anchCache: The hosted cache sent an incorrectly formatted response to the client's message to offer it data.
anchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
anchCache: %2 instance(s) of event id %1 occurred.
1 registered to Windows Firewall to control filtering for the following:

egistered product %1 failed and Windows Firewall is now controlling the filtering for %2.
anchCache: A service connection point object could not be parsed
ode integrity determined that a file does not meet the security requirements to load into a process. This could be due to the use of sha
new external device was recognized by the system.
he FIPS mode crypto selftests succeeded
he FIPS mode crypto selftests failed
request was made to disable a device
device was disabled
request was made to enable a device
device was enabled
he installation of this device is forbidden by system policy
he installation of this device was allowed, after having previously been forbidden by policy
ghest System-Defined Audit Message Value
me audits
me audits.
User group
embers of the Remote Desktop Users group or Administrators group
omputer

ctions on the network

 with this attack will be discarded.

nnections

T) service is not started

 ot be reached, and will use the cached copy of the Active Directory IPsec policy instead
be reached, and found no changes to the policy
be reached, found changes to the policy, and applied those changes

ned health policy

ld be due to the use of shared sections or other issues