Windows Event Audit Logging
Privilege Manager leverages the following Windows events for audit purposes. These event IDs are shown in the Security log on the Windows server. Refer to Advanced Security Audit Policy Settings for Windows.
If these events are not logged, triggers dependent on those Event IDs will result in scheduled task triggers not working correctly.
-
4730(S): A security-enabled global group was deleted
4732(S): A member was added to a security-enabled local group
4733(S): A member was removed from a security-enabled local group
4734(S): A security-enabled local group was deleted
4735(S): A security-enabled local group was changed
-
4722(S): A user account was enabled
4725(S): A user account was disabled
4726(S): A user account was deleted
4738(S): A user account was changed
