19
Event ID
Event Description
624
A user account was created.
627
A user password was changed.
628
A user password was set.
630
A user account was deleted.
631
A global group was created.
632
A member was added to a global group.
633
A member was removed from a global group.
634
A global group was deleted.
635
A new local group was created.
636
A member was added to a local group.
637
A member was removed from a local group.
638
A local group was deleted.
639
A local group account was changed.
641
A global group account was changed.
642
A user account was changed.
643
A domain policy was modified.
644
A user account was automatically locked.
645
A computer account was created.
646
A computer account was changed.
647
A computer account was deleted.
648
A local security group with security disabled was created.
Note:
SECURITY_DISABLED in the formal name means that this group cannot be used
to grant permissions in access checks.
649
A local security group with security disabled was changed.
650
A member was added to a security-disabled local security group.
651
A member was removed from a security-disabled local security group.
652
A security-disabled local group was deleted.
653
A security-disabled global group was created.
654
A security-disabled global group was changed.
655
A member was added to a security-disabled global group.
656
A member was removed from a security-disabled global group.
657
A security-disabled global group was deleted.
658
A security-enabled universal group was created.
659
A security-enabled universal group was changed.
