Audit Application Group Management

Applies to

  • Windows 10
  • Windows Server 2016

Audit Application Group Management generates events for actions related to application groups, such as group creation, modification, addition or removal of group member and some other actions.

Application groups are used by Authorization Manager.

Audit Application Group Management subcategory is out of scope of this document, because Authorization Manager is very rarely in use and it is deprecated starting from Windows Server 2012.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller - - - - This subcategory is outside the scope of this document.
Member Server - - - - This subcategory is outside the scope of this document.
Workstation - - - - This subcategory is outside the scope of this document.

4783(S): A basic application group was created.

4784(S): A basic application group was changed.

4785(S): A member was added to a basic application group.

4786(S): A member was removed from a basic application group.

4787(S): A non-member was added to a basic application group.

4788(S): A non-member was removed from a basic application group.

4789(S): A basic application group was deleted.

4790(S): An LDAP query group was created.

4791(S): An LDAP query group was changed.

4792(S): An LDAP query group was deleted.