附录 L:事件监视器Appendix L: Events to Monitor

适用于:Windows ServerApplies To: Windows Server

下表列出了应根据 监视 Active Directory中提供的建议在环境中监视的事件。The following table lists events that you should monitor in your environment, according to the recommendations provided in Monitoring Active Directory for Signs of Compromise. 在下表中,"当前 Windows 事件 ID" 列列出了在当前提供主流支持的 Windows 和 Windows Server 版本中实现的事件 ID。In the following table, the "Current Windows Event ID" column lists the event ID as it is implemented in versions of Windows and Windows Server that are currently in mainstream support.

"旧版 Windows 事件 ID" 列列出了旧版 Windows 中的相应事件 ID,如运行 Windows XP 或更早版本的客户端计算机以及运行 Windows Server 2003 或更早版本的服务器。The "Legacy Windows Event ID" column lists the corresponding event ID in legacy versions of Windows such as client computers running Windows XP or earlier and servers running Windows Server 2003 or earlier. "潜在严重程度" 列标识检测攻击时应将事件视为低、中还是高重要程度,而 "事件摘要" 列则提供事件的简短说明。The "Potential Criticality" column identifies whether the event should be considered of low, medium, or high criticality in detecting attacks, and the "Event Summary" column provides a brief description of the event.

潜在严重程度为高意味着应调查事件的一个匹配项。A potential criticality of High means that one occurrence of the event should be investigated. 潜在严重程度为中或低表示,仅应在事件意外发生时或在测量时间段内明显超出预期基线的数字中调查这些事件。Potential criticality of Medium or Low means that these events should only be investigated if they occur unexpectedly or in numbers that significantly exceed the expected baseline in a measured period of time. 创建需要强制调查响应的警报前,所有组织都应在自己的环境中测试这些建议。All organizations should test these recommendations in their environments before creating alerts that require mandatory investigative responses. 每个环境都是不同的,如果存在其他无害事件,则可能导致严重严重性为高的事件。Every environment is different, and some of the events ranked with a potential criticality of High may occur due to other harmless events.

当前 Windows 事件 IDCurrent Windows Event ID 旧版 Windows 事件 IDLegacy Windows Event ID 潜在严重程度Potential Criticality 事件摘要Event Summary
46184618 不可用N/A High 发生了受监视的安全事件模式。A monitored security event pattern has occurred.
46494649 不可用N/A High 检测到重播攻击。A replay attack was detected. 由于错误配置错误,可能是无害误报。May be a harmless false positive due to misconfiguration error.
47194719 612612 High 已更改系统审核策略。System audit policy was changed.
47654765 不可用N/A High SID 历史记录已添加到帐户。SID History was added to an account.
47664766 不可用N/A High 尝试将 SID 历史记录添加到帐户失败。An attempt to add SID History to an account failed.
47944794 不可用N/A High 尝试设置目录服务还原模式。An attempt was made to set the Directory Services Restore Mode.
48974897 801801 High 已启用角色分隔:Role separation enabled:
49644964 不可用N/A High 已向新登录分配特殊组。Special groups have been assigned to a new logon.
51245124 不可用N/A High 已在 OCSP 响应程序服务上更新安全设置A security setting was updated on the OCSP Responder Service
不可用N/A 550550 中到高Medium to High 可能的拒绝服务 (DoS) 攻击Possible denial-of-service (DoS) attack
11021102 517517 中到高Medium to High 审核日志已清除The audit log was cleared
46214621 不可用N/A 中型Medium 管理员已从 CrashOnAuditFail 恢复系统。Administrator recovered system from CrashOnAuditFail. 现在将允许非管理员用户登录。Users who are not administrators will now be allowed to log on. 可能未记录某些可审核活动。Some auditable activity might not have been recorded.
46754675 不可用N/A 中型Medium 已筛选 Sid。SIDs were filtered.
46924692 不可用N/A 中型Medium 尝试备份数据保护主密钥。Backup of data protection master key was attempted.
46934693 不可用N/A 中型Medium 尝试恢复数据保护主密钥。Recovery of data protection master key was attempted.
47064706 610610 中型Medium 已为域创建新的信任。A new trust was created to a domain.
47134713 617617 中型Medium Kerberos 策略已更改。Kerberos policy was changed.
47144714 618618 中型Medium 已更改加密数据恢复策略。Encrypted data recovery policy was changed.
47154715 不可用N/A 中型Medium 已更改对象上 (SACL) 的审核策略。The audit policy (SACL) on an object was changed.
47164716 620620 中型Medium 已修改受信任的域信息。Trusted domain information was modified.
47244724 628628 中型Medium 尝试重置帐户的密码。An attempt was made to reset an account's password.
47274727 631631 中型Medium 已创建启用安全的全局组。A security-enabled global group was created.
47354735 639639 中型Medium 已更改启用安全的本地组。A security-enabled local group was changed.
47374737 641641 中型Medium 已更改安全的全局组。A security-enabled global group was changed.
47394739 643643 中型Medium 域策略已更改。Domain Policy was changed.
47544754 658658 中型Medium 已创建启用安全的通用组。A security-enabled universal group was created.
47554755 659659 中型Medium 已对启用安全的通用组进行了更改。A security-enabled universal group was changed.
47644764 667667 中型Medium 已删除安全禁用的组A security-disabled group was deleted
47644764 668668 中型Medium 组的类型已更改。A group's type was changed.
47804780 684684 中型Medium ACL 是针对作为 administrators 组成员的帐户设置的。The ACL was set on accounts which are members of administrators groups.
48164816 不可用N/A 中型Medium RPC 在解密传入消息时检测到完整性冲突。RPC detected an integrity violation while decrypting an incoming message.
48654865 不可用N/A 中型Medium 已添加受信任的林信息项。A trusted forest information entry was added.
48664866 不可用N/A 中型Medium 已删除受信任的林信息项。A trusted forest information entry was removed.
48674867 不可用N/A 中型Medium 已修改受信任的林信息项。A trusted forest information entry was modified.
48684868 772772 中型Medium 证书管理器已拒绝挂起的证书申请。The certificate manager denied a pending certificate request.
48704870 774774 中型Medium 证书服务已吊销证书。Certificate Services revoked a certificate.
48824882 786786 中型Medium 证书服务的安全权限已更改。The security permissions for Certificate Services changed.
48854885 789789 中型Medium 证书服务的审核筛选器已更改。The audit filter for Certificate Services changed.
48904890 794794 中型Medium 证书服务的证书管理器设置已更改。The certificate manager settings for Certificate Services changed.
48924892 796796 中型Medium 证书服务的属性已更改。A property of Certificate Services changed.
48964896 800800 中型Medium 已经从证书数据库删除一个或多个行。One or more rows have been deleted from the certificate database.
49064906 不可用N/A 中型Medium CrashOnAuditFail 值已更改。The CrashOnAuditFail value has changed.
49074907 不可用N/A 中型Medium 对象的审核设置已更改。Auditing settings on object were changed.
49084908 不可用N/A 中型Medium 已修改特殊组登录表。Special Groups Logon table modified.
49124912 807807 中型Medium 已更改每个用户的审核策略。Per User Audit Policy was changed.
49604960 不可用N/A 中型Medium IPsec 丢弃了一个无法进行完整性检查的入站数据包。IPsec dropped an inbound packet that failed an integrity check. 如果此问题仍然存在,则可能表示存在网络问题或数据包正在传输到此计算机时被修改。If this problem persists, it could indicate a network issue or that packets are being modified in transit to this computer. 验证从远程计算机发送的数据包与此计算机接收的数据包是否相同。Verify that the packets sent from the remote computer are the same as those received by this computer. 此错误还可能指示与其他 IPsec 实现之间的互操作性问题。This error might also indicate interoperability problems with other IPsec implementations.
49614961 不可用N/A 中型Medium IPsec 已丢弃未能重播检查的入站数据包。IPsec dropped an inbound packet that failed a replay check. 如果此问题仍然存在,则可能表示针对此计算机的重播攻击。If this problem persists, it could indicate a replay attack against this computer.
49624962 不可用N/A 中型Medium IPsec 已丢弃未能重播检查的入站数据包。IPsec dropped an inbound packet that failed a replay check. 入站数据包的序列号太小,以确保它不是重播。The inbound packet had too low a sequence number to ensure it was not a replay.
49634963 不可用N/A 中型Medium IPsec 丢弃了应受到保护的入站明文包。IPsec dropped an inbound clear text packet that should have been secured. 这通常是由于远程计算机更改了其 IPsec 策略,而没有通知此计算机。This is usually due to the remote computer changing its IPsec policy without informing this computer. 这也可能是欺骗攻击尝试。This could also be a spoofing attack attempt.
49654965 不可用N/A 中型Medium IPsec 从远程计算机接收到 (SPI) 的安全参数索引不正确的数据包。IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI). 这通常是由于损坏数据包的硬件故障引起的。This is usually caused by malfunctioning hardware that is corrupting packets. 如果这些错误仍然存在,请验证从远程计算机发送的数据包是否与此计算机接收的数据包相同。If these errors persist, verify that the packets sent from the remote computer are the same as those received by this computer. 此错误还可能指示与其他 IPsec 实现之间的互操作性问题。This error may also indicate interoperability problems with other IPsec implementations. 在这种情况下,如果连接不会妨碍,则可忽略这些事件。In that case, if connectivity is not impeded, then these events can be ignored.
49764976 不可用N/A 中型Medium 在主模式协商期间,IPsec 接收到无效的协商数据包。During Main Mode negotiation, IPsec received an invalid negotiation packet. 如果此问题仍然存在,则可能表示存在网络问题或试图修改或重播此协商。If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
49774977 不可用N/A 中型Medium 在快速模式协商期间,IPsec 接收到无效的协商数据包。During Quick Mode negotiation, IPsec received an invalid negotiation packet. 如果此问题仍然存在,则可能表示存在网络问题或试图修改或重播此协商。If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
49784978 不可用N/A 中型Medium 在扩展模式协商期间,IPsec 接收到无效的协商数据包。During Extended Mode negotiation, IPsec received an invalid negotiation packet. 如果此问题仍然存在,则可能表示存在网络问题或试图修改或重播此协商。If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
49834983 不可用N/A 中型Medium IPsec 扩展模式协商失败。An IPsec Extended Mode negotiation failed. 已删除相应的主模式安全关联。The corresponding Main Mode security association has been deleted.
49844984 不可用N/A 中型Medium IPsec 扩展模式协商失败。An IPsec Extended Mode negotiation failed. 已删除相应的主模式安全关联。The corresponding Main Mode security association has been deleted.
50275027 不可用N/A 中型Medium Windows 防火墙服务无法从本地存储中检索安全策略。The Windows Firewall Service was unable to retrieve the security policy from the local storage. 该服务将继续强制实施当前策略。The service will continue enforcing the current policy.
50285028 不可用N/A 中型Medium Windows 防火墙服务无法分析新的安全策略。The Windows Firewall Service was unable to parse the new security policy. 该服务将继续强制实施当前策略。The service will continue with currently enforced policy.
50295029 不可用N/A 中型Medium Windows 防火墙服务初始化驱动程序失败。The Windows Firewall Service failed to initialize the driver. 该服务将继续强制实施当前策略。The service will continue to enforce the current policy.
50305030 不可用N/A 中型Medium Windows 防火墙服务无法启动。The Windows Firewall Service failed to start.
50355035 不可用N/A 中型Medium Windows 防火墙驱动程序启动失败。The Windows Firewall Driver failed to start.
50375037 不可用N/A 中型Medium Windows 防火墙驱动程序检测到关键运行时错误。The Windows Firewall Driver detected critical runtime error. 正在终止。Terminating.
50385038 不可用N/A 中型Medium 代码完整性确定文件的图像哈希无效。Code integrity determined that the image hash of a file is not valid. 此文件可能已损坏,因为未经授权的修改,或无效的哈希表明可能存在磁盘设备错误。The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
51205120 不可用N/A 中型Medium OCSP 响应程序服务已启动OCSP Responder Service Started
51215121 不可用N/A 中型Medium OCSP 响应程序服务已停止OCSP Responder Service Stopped
51225122 不可用N/A 中型Medium OCSP 响应程序服务中更改的配置项A configuration entry changed in OCSP Responder Service
51235123 不可用N/A 中型Medium OCSP 响应程序服务中更改的配置项A configuration entry changed in OCSP Responder Service
53765376 不可用N/A 中型Medium 已备份凭据管理器凭据。Credential Manager credentials were backed up.
53775377 不可用N/A 中型Medium 已从备份还原凭据管理器凭据。Credential Manager credentials were restored from a backup.
54535453 不可用N/A 中型Medium 与远程计算机的 IPsec 协商失败,因为 IKE 和 AuthIP IPsec 密钥模块 (IKEEXT) 服务未启动。An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started.
54805480 不可用N/A 中型Medium IPsec 服务无法获取计算机上的网络接口的完整列表。IPsec Services failed to get the complete list of network interfaces on the computer. 这会带来潜在的安全风险,因为某些网络接口可能无法获得应用的 IPsec 筛选器提供的保护。This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. 使用 "IP 安全监视器" 管理单元来诊断问题。Use the IP Security Monitor snap-in to diagnose the problem.
54835483 不可用N/A 中型Medium IPsec 服务无法初始化 RPC 服务器。IPsec Services failed to initialize RPC server. IPsec 服务无法启动。IPsec Services could not be started.
54845484 不可用N/A 中型Medium IPsec 服务遇到了严重故障,已经关闭。IPsec Services has experienced a critical failure and has been shut down. 关闭 IPsec 服务可以使计算机面临网络攻击的更大风险,或使计算机面临潜在的安全风险。The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.
54855485 不可用N/A 中型Medium IPsec 服务无法对网络接口的即插即用事件处理某些 IPsec 筛选器。IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces. 这会带来潜在的安全风险,因为某些网络接口可能无法获得应用的 IPsec 筛选器提供的保护。This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. 使用 "IP 安全监视器" 管理单元来诊断问题。Use the IP Security Monitor snap-in to diagnose the problem.
61456145 不可用N/A 中型Medium 在组策略对象中处理安全策略时出现一个或多个错误。One or more errors occurred while processing security policy in the Group Policy objects.
62736273 不可用N/A 中型Medium 网络策略服务器拒绝了对用户的访问。Network Policy Server denied access to a user.
62746274 不可用N/A 中型Medium 网络策略服务器放弃了对用户的请求。Network Policy Server discarded the request for a user.
62756275 不可用N/A 中型Medium 网络策略服务器已丢弃用户的记帐请求。Network Policy Server discarded the accounting request for a user.
62766276 不可用N/A 中型Medium 网络策略服务器隔离了某个用户。Network Policy Server quarantined a user.
62776277 不可用N/A 中型Medium 网络策略服务器授予了对某个用户的访问权限,但由于该主机不满足定义的运行状况策略,因此已将其设置为试用。Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
62786278 不可用N/A 中型Medium 网络策略服务器向用户授予了完全访问权限,因为该主机符合定义的运行状况策略。Network Policy Server granted full access to a user because the host met the defined health policy.
62796279 不可用N/A 中型Medium 由于重复失败的身份验证尝试失败,网络策略服务器锁定了用户帐户。Network Policy Server locked the user account due to repeated failed authentication attempts.
62806280 不可用N/A 中型Medium 网络策略服务器解锁了用户帐户。Network Policy Server unlocked the user account.
- 640640 中型Medium 常规帐户数据库已更改General account database changed
- 619619 中型Medium 服务质量策略已更改Quality of Service Policy changed
2458624586 不可用N/A 中型Medium 转换卷时出错An error was encountered converting volume
2459224592 不可用N/A 中型Medium 尝试自动重新启动卷 %2 上的转换失败。An attempt to automatically restart conversion on volume %2 failed.
2459324593 不可用N/A 中型Medium 元数据写入:卷 %2 在尝试修改元数据时返回错误。Metadata write: Volume %2 returning errors while trying to modify metadata. 如果失败继续,请解密卷If failures continue, decrypt volume
2459424594 不可用N/A 中型Medium 元数据重新生成:试图写入卷 %2 上的元数据副本失败,可能显示为磁盘损坏。Metadata rebuild: An attempt to write a copy of metadata on volume %2 failed and may appear as disk corruption. 如果失败,请解密卷。If failures continue, decrypt volume.
46084608 512512 Low Windows 正在启动。Windows is starting up.
46094609 513513 Low Windows 正在关闭。Windows is shutting down.
46104610 514514 Low 本地安全机构已加载身份验证包。An authentication package has been loaded by the Local Security Authority.
46114611 515515 Low 已向本地安全机构注册了受信任的登录过程。A trusted logon process has been registered with the Local Security Authority.
46124612 516516 Low 为审核消息队列分配的内部资源已耗尽,导致某些审核丢失。Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
46144614 518518 Low 安全帐户管理器已加载通知包。A notification package has been loaded by the Security Account Manager.
46154615 519519 Low LPC 端口的使用无效。Invalid use of LPC port.
46164616 520520 Low 系统时间已更改。The system time was changed.
46224622 不可用N/A Low 安全包已由本地安全机构加载。A security package has been loaded by the Local Security Authority.
46244624 528540528,540 Low 帐户已成功登录。An account was successfully logged on.
46254625 529-537539529-537,539 Low 帐户登录失败。An account failed to log on.
46344634 538538 Low 帐户已注销。An account was logged off.
46464646 不可用N/A Low IKE DoS-阻止模式已启动。IKE DoS-prevention mode started.
46474647 551551 Low 用户启动的注销。User initiated logoff.
46484648 552552 Low 尝试使用显式凭据进行登录。A logon was attempted using explicit credentials.
46504650 不可用N/A Low 已建立 IPsec 主模式安全关联。An IPsec Main Mode security association was established. 未启用扩展模式。Extended Mode was not enabled. 未使用证书身份验证。Certificate authentication was not used.
46514651 不可用N/A Low 已建立 IPsec 主模式安全关联。An IPsec Main Mode security association was established. 未启用扩展模式。Extended Mode was not enabled. 使用证书进行身份验证。A certificate was used for authentication.
46524652 不可用N/A Low IPsec 主模式协商失败。An IPsec Main Mode negotiation failed.
46534653 不可用N/A Low IPsec 主模式协商失败。An IPsec Main Mode negotiation failed.
46544654 不可用N/A Low IPsec 快速模式协商失败。An IPsec Quick Mode negotiation failed.
46554655 不可用N/A Low IPsec 主模式安全关联已结束。An IPsec Main Mode security association ended.
46564656 560560 Low 请求了对象的句柄。A handle to an object was requested.
46574657 567567 Low 注册表值被修改。A registry value was modified.
46584658 562562 Low 对象的句柄已关闭。The handle to an object was closed.
46594659 不可用N/A Low 已请求使用意向删除对象的句柄。A handle to an object was requested with intent to delete.
46604660 564564 Low 已删除对象。An object was deleted.
46614661 565565 Low 请求了对象的句柄。A handle to an object was requested.
46624662 566566 Low 已对对象执行操作。An operation was performed on an object.
46634663 567567 Low 尝试访问某个对象。An attempt was made to access an object.
46644664 不可用N/A Low 尝试创建硬链接。An attempt was made to create a hard link.
46654665 不可用N/A Low 尝试创建应用程序客户端上下文。An attempt was made to create an application client context.
46664666 不可用N/A Low 应用程序尝试了操作:An application attempted an operation:
46674667 不可用N/A Low 已删除应用程序客户端上下文。An application client context was deleted.
46684668 不可用N/A Low 应用程序已初始化。An application was initialized.
46704670 不可用N/A Low 更改了对对象的权限。Permissions on an object were changed.
46714671 不可用N/A Low 应用程序试图通过 TBS 访问阻止的序号。An application attempted to access a blocked ordinal through the TBS.
46724672 576576 Low 分配给新登录名的特殊权限。Special privileges assigned to new logon.
46734673 577577 Low 调用了特权服务。A privileged service was called.
46744674 578578 Low 尝试对特权对象执行操作。An operation was attempted on a privileged object.
46884688 592592 Low 已创建一个新进程。A new process has been created.
46894689 593593 Low 进程已退出。A process has exited.
46904690 594594 Low 尝试复制对象的句柄。An attempt was made to duplicate a handle to an object.
46914691 595595 Low 请求间接访问对象。Indirect access to an object was requested.
46944694 不可用N/A Low 尝试保护受审核的受保护数据。Protection of auditable protected data was attempted.
46954695 不可用N/A Low 已尝试有人受审核的受保护数据。Unprotection of auditable protected data was attempted.
46964696 600600 Low 已将主令牌分配给 process。A primary token was assigned to process.
46974697 601601 Low 尝试安装服务Attempt to install a service
46984698 602602 Low 已创建计划任务。A scheduled task was created.
46994699 602602 Low 已删除计划的任务。A scheduled task was deleted.
47004700 602602 Low 已启用计划任务。A scheduled task was enabled.
47014701 602602 Low 已禁用计划任务。A scheduled task was disabled.
47024702 602602 Low 已更新计划任务。A scheduled task was updated.
47044704 608608 Low 已分配用户权限。A user right was assigned.
47054705 609609 Low 已删除用户权限。A user right was removed.
47074707 611611 Low 删除了域的信任。A trust to a domain was removed.
47094709 不可用N/A Low 已启动 IPsec 服务。IPsec Services was started.
47104710 不可用N/A Low IPsec 服务已禁用。IPsec Services was disabled.
47114711 不可用N/A Low 可能包含以下任何一项: PAStore 引擎在计算机上应用 Active Directory 存储 IPsec 策略的本地缓存副本。May contain any one of the following: PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. PAStore 引擎应用 Active Directory 计算机上的存储 IPsec 策略。PAStore Engine applied Active Directory storage IPsec policy on the computer. PAStore 引擎在计算机上应用了本地注册表存储 IPsec 策略。PAStore Engine applied local registry storage IPsec policy on the computer. PAStore 引擎无法在计算机上应用 Active Directory 存储 IPsec 策略的本地缓存副本。PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. PAStore 引擎无法在计算机上应用 Active Directory 存储 IPsec 策略。PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. PAStore 引擎无法在计算机上应用本地注册表存储 IPsec 策略。PAStore Engine failed to apply local registry storage IPsec policy on the computer. PAStore 引擎无法在计算机上应用 active IPsec 策略的某些规则。PAStore Engine failed to apply some rules of the active IPsec policy on the computer. PAStore 引擎无法在计算机上加载目录存储 IPsec 策略。PAStore Engine failed to load directory storage IPsec policy on the computer. PAStore 引擎已在计算机上加载了目录存储 IPsec 策略。PAStore Engine loaded directory storage IPsec policy on the computer. PAStore 引擎无法在计算机上加载本地存储 IPsec 策略。PAStore Engine failed to load local storage IPsec policy on the computer. PAStore 引擎在计算机上加载了本地存储 IPsec 策略。PAStore 引擎轮询了对活动 IPsec 策略的更改,但未检测到任何更改。PAStore Engine loaded local storage IPsec policy on the computer.PAStore Engine polled for changes to the active IPsec policy and detected no changes.
47124712 不可用N/A Low IPsec 服务遇到可能严重的错误。IPsec Services encountered a potentially serious failure.
47174717 621621 Low 已将系统安全访问权限授予帐户。System security access was granted to an account.
47184718 622622 Low 已从帐户中删除系统安全访问。System security access was removed from an account.
47204720 624624 Low 已创建用户帐户。A user account was created.
47224722 626626 Low 用户帐户已启用。A user account was enabled.
47234723 627627 Low 尝试更改帐户的密码。An attempt was made to change an account's password.
47254725 629629 Low 用户帐户已禁用。A user account was disabled.
47264726 630630 Low 用户帐户已被删除。A user account was deleted.
47284728 632632 Low 已将成员添加到启用安全的全局组。A member was added to a security-enabled global group.
47294729 633633 Low 已从启用安全的全局组中删除成员。A member was removed from a security-enabled global group.
47304730 634634 Low 已删除启用安全的全局组。A security-enabled global group was deleted.
47314731 635635 Low 已创建安全的本地组。A security-enabled local group was created.
47324732 636636 Low 已将成员添加到启用安全的本地组。A member was added to a security-enabled local group.
47334733 637637 Low 已从启用安全的本地组中删除成员。A member was removed from a security-enabled local group.
47344734 638638 Low 已删除启用安全的本地组。A security-enabled local group was deleted.
47384738 642642 Low 已更改用户帐户。A user account was changed.
47404740 644644 Low 用户帐户被锁定。A user account was locked out.
47414741 645645 Low 计算机帐户已更改。A computer account was changed.
47424742 646646 Low 计算机帐户已更改。A computer account was changed.
47434743 647647 Low 计算机帐户已被删除。A computer account was deleted.
47444744 648648 Low 已创建安全禁用的本地组。A security-disabled local group was created.
47454745 649649 Low 已更改安全禁用的本地组。A security-disabled local group was changed.
47464746 650650 Low 已将成员添加到安全禁用的本地组。A member was added to a security-disabled local group.
47474747 651651 Low 已从安全禁用的本地组中删除成员。A member was removed from a security-disabled local group.
47484748 652652 Low 已删除安全禁用的本地组。A security-disabled local group was deleted.
47494749 653653 Low 已创建安全禁用的全局组。A security-disabled global group was created.
47504750 654654 Low 已更改安全禁用的全局组。A security-disabled global group was changed.
47514751 655655 Low 已将成员添加到禁用安全的全局组。A member was added to a security-disabled global group.
47524752 656656 Low 已从安全禁用的全局组中删除成员。A member was removed from a security-disabled global group.
47534753 657657 Low 禁用安全禁用的全局组。A security-disabled global group was deleted.
47564756 660660 Low 已将成员添加到启用安全的通用组。A member was added to a security-enabled universal group.
47574757 661661 Low 已从启用安全的通用组中删除成员。A member was removed from a security-enabled universal group.
47584758 662662 Low 已删除启用安全的通用组。A security-enabled universal group was deleted.
47594759 663663 Low 已创建安全禁用的通用组。A security-disabled universal group was created.
47604760 664664 Low 已更改安全禁用的通用组。A security-disabled universal group was changed.
47614761 665665 Low 已将成员添加到禁用安全的通用组。A member was added to a security-disabled universal group.
47624762 666666 Low 已从安全禁用的通用组中删除成员。A member was removed from a security-disabled universal group.
47674767 671671 Low 用户帐户已解锁。A user account was unlocked.
47684768 672676672,676 Low 请求了 (TGT) 的 Kerberos 身份验证票证。A Kerberos authentication ticket (TGT) was requested.
47694769 673673 Low 请求了 Kerberos 服务票证。A Kerberos service ticket was requested.
47704770 674674 Low 已续订 Kerberos 服务票证。A Kerberos service ticket was renewed.
47714771 675675 Low Kerberos 预身份验证失败。Kerberos pre-authentication failed.
47724772 672672 Low Kerberos 身份验证票证请求失败。A Kerberos authentication ticket request failed.
47744774 678678 Low 为登录映射了一个帐户。An account was mapped for logon.
47754775 679679 Low 无法映射帐户进行登录。An account could not be mapped for logon.
47764776 680681680,681 Low 域控制器尝试验证帐户的凭据。The domain controller attempted to validate the credentials for an account.
47774777 不可用N/A Low 域控制器无法验证帐户的凭据。The domain controller failed to validate the credentials for an account.
47784778 682682 Low 会话已重新连接到窗口工作站。A session was reconnected to a Window Station.
47794779 683683 Low 会话已与窗口工作站断开连接。A session was disconnected from a Window Station.
47814781 685685 Low 帐户的名称已更改:The name of an account was changed:
47824782 不可用N/A Low 已访问帐户的密码哈希。The password hash an account was accessed.
47834783 667667 Low 已创建基本的应用程序组。A basic application group was created.
47844784 不可用N/A Low 基本应用程序组已更改。A basic application group was changed.
47854785 689689 Low 已将成员添加到基本应用程序组。A member was added to a basic application group.
47864786 690690 Low 已从基本应用程序组中删除成员。A member was removed from a basic application group.
47874787 691691 Low 将非成员添加到了基本应用程序组。A nonmember was added to a basic application group.
47884788 692692 Low 从基本应用程序组中删除了非成员。A nonmember was removed from a basic application group.
47894789 693693 Low 基本应用程序组已删除。A basic application group was deleted.
47904790 694694 Low 已创建 LDAP 查询组。An LDAP query group was created.
47934793 不可用N/A Low 调用了密码策略检查 API。The Password Policy Checking API was called.
48004800 不可用N/A Low 工作站已被锁定。The workstation was locked.
48014801 不可用N/A Low 工作站已解锁。The workstation was unlocked.
48024802 不可用N/A Low 已调用屏幕保护程序。The screen saver was invoked.
48034803 不可用N/A Low 屏幕保护程序已消除。The screen saver was dismissed.
48644864 不可用N/A Low 检测到命名空间冲突。A namespace collision was detected.
48694869 773773 Low 证书服务收到重新提交的证书申请。Certificate Services received a resubmitted certificate request.
48714871 775775 Low 证书服务收到发布证书吊销列表 (CRL) 的申请。Certificate Services received a request to publish the certificate revocation list (CRL).
48724872 776776 Low 证书服务已发布证书吊销列表 (CRL)。Certificate Services published the certificate revocation list (CRL).
48734873 777777 Low 证书申请扩展已更改。A certificate request extension changed.
48744874 778778 Low 一个或多个证书申请属性已更改。One or more certificate request attributes changed.
48754875 779779 Low 证书服务收到执行关闭操作的申请。Certificate Services received a request to shut down.
48764876 780780 Low 证书服务备份已启动。Certificate Services backup started.
48774877 781781 Low 证书服务备份已完成。Certificate Services backup completed.
48784878 782782 Low 证书服务还原已启动。Certificate Services restore started.
48794879 783783 Low 证书服务还原已完成。Certificate Services restore completed.
48804880 784784 Low 证书服务已启动。Certificate Services started.
48814881 785785 Low 证书服务已停止。Certificate Services stopped.
48834883 787787 Low 证书服务检索到存档的密钥。Certificate Services retrieved an archived key.
48844884 788788 Low 证书服务已将证书导入到其数据库中。Certificate Services imported a certificate into its database.
48864886 790790 Low 证书服务收到证书申请。Certificate Services received a certificate request.
48874887 791791 Low 证书服务已批准证书申请并颁发证书。Certificate Services approved a certificate request and issued a certificate.
48884888 792792 Low 证书服务已拒绝证书申请。Certificate Services denied a certificate request.
48894889 793793 Low 证书服务将证书申请的状态设置为挂起。Certificate Services set the status of a certificate request to pending.
48914891 795795 Low 证书服务中的配置项已更改。A configuration entry changed in Certificate Services.
48934893 797797 Low 证书服务已存档密钥。Certificate Services archived a key.
48944894 798798 Low 证书服务已导入并存档密钥。Certificate Services imported and archived a key.
48954895 799799 Low 证书服务已将 CA 证书发布到 Active Directory 域服务。Certificate Services published the CA certificate to Active Directory Domain Services.
48984898 802802 Low 证书服务已加载模板。Certificate Services loaded a template.
49024902 不可用N/A Low 已创建每用户审核策略表。The Per-user audit policy table was created.
49044904 不可用N/A Low 尝试注册安全事件源。An attempt was made to register a security event source.
49054905 不可用N/A Low 尝试注销安全事件源。An attempt was made to unregister a security event source.
49094909 不可用N/A Low TBS 的本地策略设置已更改。The local policy settings for the TBS were changed.
49104910 不可用N/A Low TBS 的组策略设置已更改。The Group Policy settings for the TBS were changed.
49284928 不可用N/A Low 已建立 Active Directory 的副本源命名上下文。An Active Directory replica source naming context was established.
49294929 不可用N/A Low 已删除 Active Directory 副本源命名上下文。An Active Directory replica source naming context was removed.
49304930 不可用N/A Low 修改了 Active Directory 的副本源命名上下文。An Active Directory replica source naming context was modified.
49314931 不可用N/A Low 修改了 Active Directory 的副本目标命名上下文。An Active Directory replica destination naming context was modified.
49324932 不可用N/A Low 已开始同步 Active Directory 命名上下文的副本。Synchronization of a replica of an Active Directory naming context has begun.
49334933 不可用N/A Low Active Directory 命名上下文的副本同步已结束。Synchronization of a replica of an Active Directory naming context has ended.
49344934 不可用N/A Low 已复制 Active Directory 对象的特性。Attributes of an Active Directory object were replicated.
49354935 不可用N/A Low 复制失败开始。Replication failure begins.
49364936 不可用N/A Low 复制失败结束。Replication failure ends.
49374937 不可用N/A Low 从副本中删除了一个延迟对象。A lingering object was removed from a replica.
49444944 不可用N/A Low 启动 Windows 防火墙时,以下策略处于活动状态。The following policy was active when the Windows Firewall started.
49454945 不可用N/A Low Windows 防火墙启动时列出了规则。A rule was listed when the Windows Firewall started.
49464946 不可用N/A Low 对 Windows 防火墙例外列表进行了更改。A change has been made to Windows Firewall exception list. 已添加规则。A rule was added.
49474947 不可用N/A Low 对 Windows 防火墙例外列表进行了更改。A change has been made to Windows Firewall exception list. 已修改规则。A rule was modified.
49484948 不可用N/A Low 对 Windows 防火墙例外列表进行了更改。A change has been made to Windows Firewall exception list. 已删除规则。A rule was deleted.
49494949 不可用N/A Low Windows 防火墙设置已还原为默认值。Windows Firewall settings were restored to the default values.
49504950 不可用N/A Low Windows 防火墙设置已更改。A Windows Firewall setting has changed.
49514951 不可用N/A Low 已忽略规则,因为 Windows 防火墙无法识别其主版本号。A rule has been ignored because its major version number was not recognized by Windows Firewall.
49524952 不可用N/A Low 已忽略部分规则,因为 Windows 防火墙无法识别其次要版本号。Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. 将强制实施规则的其他部分。The other parts of the rule will be enforced.
49534953 不可用N/A Low Windows 防火墙已忽略规则,因为它无法分析规则。A rule has been ignored by Windows Firewall because it could not parse the rule.
49544954 不可用N/A Low Windows 防火墙组策略设置已更改。Windows Firewall Group Policy settings have changed. 已应用新设置。The new settings have been applied.
49564956 不可用N/A Low Windows 防火墙已更改活动配置文件。Windows Firewall has changed the active profile.
49574957 不可用N/A Low Windows 防火墙未应用以下规则:Windows Firewall did not apply the following rule:
49584958 不可用N/A Low Windows 防火墙未应用以下规则,因为此计算机上未配置的项目所引用的规则:Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer:
49794979 不可用N/A Low 已建立 IPsec 主模式和扩展模式安全关联。IPsec Main Mode and Extended Mode security associations were established.
49804980 不可用N/A Low 已建立 IPsec 主模式和扩展模式安全关联。IPsec Main Mode and Extended Mode security associations were established.
49814981 不可用N/A Low 已建立 IPsec 主模式和扩展模式安全关联。IPsec Main Mode and Extended Mode security associations were established.
49824982 不可用N/A Low 已建立 IPsec 主模式和扩展模式安全关联。IPsec Main Mode and Extended Mode security associations were established.
49854985 不可用N/A Low 事务的状态已更改。The state of a transaction has changed.
50245024 不可用N/A Low Windows 防火墙服务已成功启动。The Windows Firewall Service has started successfully.
50255025 不可用N/A Low Windows 防火墙服务已停止。The Windows Firewall Service has been stopped.
50315031 不可用N/A Low Windows 防火墙服务阻止应用程序接受网络上的传入连接。The Windows Firewall Service blocked an application from accepting incoming connections on the network.
50325032 不可用N/A Low Windows 防火墙无法通知用户它阻止了某个应用程序接受网络上的传入连接。Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
50335033 不可用N/A Low Windows 防火墙驱动程序已成功启动。The Windows Firewall Driver has started successfully.
50345034 不可用N/A Low Windows 防火墙驱动程序已停止。The Windows Firewall Driver has been stopped.
50395039 不可用N/A Low 注册表项已虚拟化。A registry key was virtualized.
50405040 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 添加了身份验证集。An Authentication Set was added.
50415041 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 已修改身份验证集。An Authentication Set was modified.
50425042 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 已删除身份验证集。An Authentication Set was deleted.
50435043 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 添加了连接安全规则。A Connection Security Rule was added.
50445044 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 已修改连接安全规则。A Connection Security Rule was modified.
50455045 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 已删除连接安全规则。A Connection Security Rule was deleted.
50465046 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 已添加加密集。A Crypto Set was added.
50475047 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 加密集已修改。A Crypto Set was modified.
50485048 不可用N/A Low 已对 IPsec 设置进行了更改。A change has been made to IPsec settings. 加密集已被删除。A Crypto Set was deleted.
50505050 不可用N/A Low 尝试使用对 InetFwProfile 的调用以编程方式禁用 Windows 防火墙 (False) An attempt to programmatically disable the Windows Firewall using a call to InetFwProfile.FirewallEnabled(False)
50515051 不可用N/A Low 已对文件进行虚拟化。A file was virtualized.
50565056 不可用N/A Low 已执行加密自检。A cryptographic self test was performed.
50575057 不可用N/A Low 加密基元操作失败。A cryptographic primitive operation failed.
50585058 不可用N/A Low 密钥文件操作。Key file operation.
50595059 不可用N/A Low 密钥迁移操作。Key migration operation.
50605060 不可用N/A Low 验证操作失败。Verification operation failed.
50615061 不可用N/A Low 加密操作。Cryptographic operation.
50625062 不可用N/A Low 已执行内核模式加密自检。A kernel-mode cryptographic self test was performed.
50635063 不可用N/A Low 尝试了加密提供程序操作。A cryptographic provider operation was attempted.
50645064 不可用N/A Low 尝试了加密上下文操作。A cryptographic context operation was attempted.
50655065 不可用N/A Low 尝试了加密上下文修改。A cryptographic context modification was attempted.
50665066 不可用N/A Low 尝试加密函数操作。A cryptographic function operation was attempted.
50675067 不可用N/A Low 尝试了加密函数修改。A cryptographic function modification was attempted.
50685068 不可用N/A Low 尝试了加密函数提供程序操作。A cryptographic function provider operation was attempted.
50695069 不可用N/A Low 尝试了加密函数属性操作。A cryptographic function property operation was attempted.
50705070 不可用N/A Low 尝试修改加密函数属性。A cryptographic function property modification was attempted.
51255125 不可用N/A Low 请求已提交到 OCSP 响应程序服务A request was submitted to the OCSP Responder Service
51265126 不可用N/A Low OCSP 响应程序服务自动更新签名证书Signing Certificate was automatically updated by the OCSP Responder Service
51275127 不可用N/A Low OCSP 吊销提供程序已成功更新吊销信息The OCSP Revocation Provider successfully updated the revocation information
51365136 566566 Low 修改了目录服务对象。A directory service object was modified.
51375137 566566 Low 已创建目录服务对象。A directory service object was created.
51385138 不可用N/A Low 删除了目录服务对象。A directory service object was undeleted.
51395139 不可用N/A Low 目录服务对象已移动。A directory service object was moved.
51405140 不可用N/A Low 访问了网络共享对象。A network share object was accessed.
51415141 不可用N/A Low 目录服务对象已删除。A directory service object was deleted.
51525152 不可用N/A Low Windows 筛选平台阻止了数据包。The Windows Filtering Platform blocked a packet.
51535153 不可用N/A Low 限制更严格的 Windows 筛选平台筛选器阻止了数据包。A more restrictive Windows Filtering Platform filter has blocked a packet.
51545154 不可用N/A Low Windows 筛选平台已允许应用程序或服务侦听传入连接的端口。The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
51555155 不可用N/A Low Windows 筛选平台阻止了应用程序或服务侦听传入连接的端口。The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
51565156 不可用N/A Low Windows 筛选平台已允许连接。The Windows Filtering Platform has allowed a connection.
51575157 不可用N/A Low Windows 筛选平台已阻止连接。The Windows Filtering Platform has blocked a connection.
51585158 不可用N/A Low Windows 筛选平台已允许绑定到本地端口。The Windows Filtering Platform has permitted a bind to a local port.
51595159 不可用N/A Low Windows 筛选平台已阻止绑定到本地端口。The Windows Filtering Platform has blocked a bind to a local port.
53785378 不可用N/A Low 策略不允许所请求的凭据委派。The requested credentials delegation was disallowed by policy.
54405440 不可用N/A Low 当 Windows 筛选平台基本筛选引擎启动时,将出现以下标注。The following callout was present when the Windows Filtering Platform Base Filtering Engine started.
54415441 不可用N/A Low 当 Windows 筛选平台基本筛选引擎启动时,将出现以下筛选器。The following filter was present when the Windows Filtering Platform Base Filtering Engine started.
54425442 不可用N/A Low Windows 筛选平台基本筛选引擎启动时,存在以下提供程序。The following provider was present when the Windows Filtering Platform Base Filtering Engine started.
54435443 不可用N/A Low Windows 筛选平台基本筛选引擎启动时,存在以下提供程序上下文。The following provider context was present when the Windows Filtering Platform Base Filtering Engine started.
54445444 不可用N/A Low 当 Windows 筛选平台基本筛选引擎启动时,将出现以下子层。The following sublayer was present when the Windows Filtering Platform Base Filtering Engine started.
54465446 不可用N/A Low 已更改 Windows 筛选平台标注。A Windows Filtering Platform callout has been changed.
54475447 不可用N/A Low Windows 筛选平台筛选器已更改。A Windows Filtering Platform filter has been changed.
54485448 不可用N/A Low Windows 筛选平台提供程序已更改。A Windows Filtering Platform provider has been changed.
54495449 不可用N/A Low 已更改 Windows 筛选平台提供程序上下文。A Windows Filtering Platform provider context has been changed.
54505450 不可用N/A Low 已更改 Windows 筛选平台子层。A Windows Filtering Platform sublayer has been changed.
54515451 不可用N/A Low 已建立 IPsec 快速模式安全关联。An IPsec Quick Mode security association was established.
54525452 不可用N/A Low IPsec 快速模式安全关联已结束。An IPsec Quick Mode security association ended.
54565456 不可用N/A Low PAStore 引擎应用 Active Directory 计算机上的存储 IPsec 策略。PAStore Engine applied Active Directory storage IPsec policy on the computer.
54575457 不可用N/A Low PAStore 引擎无法在计算机上应用 Active Directory 存储 IPsec 策略。PAStore Engine failed to apply Active Directory storage IPsec policy on the computer.
54585458 不可用N/A Low PAStore 引擎在计算机上应用了 Active Directory 存储 IPsec 策略的本地缓存副本。PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer.
54595459 不可用N/A Low PAStore 引擎无法在计算机上应用 Active Directory 存储 IPsec 策略的本地缓存副本。PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.
54605460 不可用N/A Low PAStore 引擎在计算机上应用了本地注册表存储 IPsec 策略。PAStore Engine applied local registry storage IPsec policy on the computer.
54615461 不可用N/A Low PAStore 引擎无法在计算机上应用本地注册表存储 IPsec 策略。PAStore Engine failed to apply local registry storage IPsec policy on the computer.
54625462 不可用N/A Low PAStore 引擎无法在计算机上应用 active IPsec 策略的某些规则。PAStore Engine failed to apply some rules of the active IPsec policy on the computer. 使用 "IP 安全监视器" 管理单元来诊断问题。Use the IP Security Monitor snap-in to diagnose the problem.
54635463 不可用N/A Low PAStore 引擎轮询了对活动 IPsec 策略的更改,但未检测到任何更改。PAStore Engine polled for changes to the active IPsec policy and detected no changes.
54645464 不可用N/A Low PAStore 引擎轮询了对活动 IPsec 策略的更改,检测到更改,并将其应用到了 IPsec 服务。PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services.
54655465 不可用N/A Low PAStore 引擎接收到用于 IPsec 策略强制重新加载的控件,并且已成功处理该控件。PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully.
54665466 不可用N/A Low PAStore 引擎对 Active Directory IPsec 策略的更改进行轮询,确定无法访问 Active Directory,将改用 Active Directory IPsec 策略的缓存副本。PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. 自上次轮询后对 Active Directory IPsec 策略进行的任何更改都无法应用。Any changes made to the Active Directory IPsec policy since the last poll could not be applied.
54675467 不可用N/A Low PAStore 引擎对 Active Directory IPsec 策略的更改进行轮询,确定可以访问 Active Directory,而不会对策略进行任何更改。PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. 不再使用 Active Directory IPsec 策略的缓存副本。The cached copy of the Active Directory IPsec policy is no longer being used.
54685468 不可用N/A Low PAStore 引擎对 Active Directory IPsec 策略的更改进行轮询,确定可以访问 Active Directory,找到对策略的更改,然后应用这些更改。PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. 不再使用 Active Directory IPsec 策略的缓存副本。The cached copy of the Active Directory IPsec policy is no longer being used.
54715471 不可用N/A Low PAStore 引擎在计算机上加载了本地存储 IPsec 策略。PAStore Engine loaded local storage IPsec policy on the computer.
54725472 不可用N/A Low PAStore 引擎无法在计算机上加载本地存储 IPsec 策略。PAStore Engine failed to load local storage IPsec policy on the computer.
54735473 不可用N/A Low PAStore 引擎已在计算机上加载了目录存储 IPsec 策略。PAStore Engine loaded directory storage IPsec policy on the computer.
54745474 不可用N/A Low PAStore 引擎无法在计算机上加载目录存储 IPsec 策略。PAStore Engine failed to load directory storage IPsec policy on the computer.
54775477 不可用N/A Low PAStore 引擎无法添加快速模式筛选器。PAStore Engine failed to add quick mode filter.
54795479 不可用N/A Low 已成功关闭 IPsec 服务。IPsec Services has been shut down successfully. 关闭 IPsec 服务可以使计算机面临网络攻击的更大风险,或使计算机面临潜在的安全风险。The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.
56325632 不可用N/A Low 向无线网络进行身份验证的请求。A request was made to authenticate to a wireless network.
56335633 不可用N/A Low 发出了向有线网络进行身份验证的请求。A request was made to authenticate to a wired network.
57125712 不可用N/A Low 尝试远程过程调用 (RPC) 。A Remote Procedure Call (RPC) was attempted.
58885888 不可用N/A Low 已修改 COM + 目录中的对象。An object in the COM+ Catalog was modified.
58895889 不可用N/A Low 从 COM + 目录删除了对象。An object was deleted from the COM+ Catalog.
58905890 不可用N/A Low 已将对象添加到 COM + 目录中。An object was added to the COM+ Catalog.
60086008 不可用N/A Low 之前的系统关闭意外The previous system shutdown was unexpected
61446144 不可用N/A Low 组策略对象中的安全策略已成功应用。Security policy in the Group Policy objects has been applied successfully.
62726272 不可用N/A Low 为用户授予了访问权限的网络策略服务器。Network Policy Server granted access to a user.
不可用N/A 561561 Low 请求了对象的句柄。A handle to an object was requested.
不可用N/A 563563 Low 对象打开以进行删除Object open for delete
不可用N/A 625625 Low 用户帐户类型已更改User Account Type Changed
不可用N/A 613613 Low IPsec 策略代理已启动IPsec policy agent started
不可用N/A 614614 Low IPsec 策略代理已禁用IPsec policy agent disabled
不可用N/A 615615 Low IPsec 策略代理IPsec policy agent
不可用N/A 616616 Low IPsec 策略代理遇到潜在的严重故障IPsec policy agent encountered a potential serious failure
2457724577 不可用N/A Low 卷加密已启动Encryption of volume started
2457824578 不可用N/A Low 卷加密已停止Encryption of volume stopped
2457924579 不可用N/A Low 已完成卷加密Encryption of volume completed
2458024580 不可用N/A Low 已启动卷解密Decryption of volume started
2458124581 不可用N/A Low 已停止解密卷Decryption of volume stopped
2458224582 不可用N/A Low 已完成解密卷Decryption of volume completed
2458324583 不可用N/A Low 卷的转换工作线程已启动Conversion worker thread for volume started
2458424584 不可用N/A Low 卷的转换工作线程暂时停止Conversion worker thread for volume temporarily stopped
2458824588 不可用N/A Low 卷 %2 上的转换操作遇到错误扇区错误。The conversion operation on volume %2 encountered a bad sector error. 请验证此卷上的数据Please validate the data on this volume
2459524595 不可用N/A Low 卷 %2 包含错误群集。Volume %2 contains bad clusters. 在转换过程中将跳过这些群集。These clusters will be skipped during conversion.
2462124621 不可用N/A Low 初始状态检查:滚动 %2 上的卷转换事务。Initial state check: Rolling volume conversion transaction on %2.
50495049 不可用N/A Low 已删除 IPsec 安全关联。An IPsec Security Association was deleted.
54785478 不可用N/A Low IPsec 服务已成功启动。IPsec Services has started successfully.

备注

有关许多安全事件 Id 及其含义的列表,请参阅 Windows 安全审核事件Refer to Windows security audit events for a list of many security event IDs and their meanings.

运行 wevtutil Gp Microsoft Windows-Security-审核/ge/gm: true 以获取所有安全事件 id 的详细列表Run wevtutil gp Microsoft-Windows-Security-Auditing /ge /gm:true to get a very detailed listing of all security event IDs

有关 Windows 安全事件 Id 及其含义的详细信息,请参阅 Microsoft 支持部门文章 windows 7 和 Windows Server 2008 R2 中的安全事件描述For more information about Windows security event IDs and their meanings, see the Microsoft Support article Description of security events in Windows 7 and in Windows Server 2008 R2. 你还可以下载 适用于 windows 7 和 Windows server 2008 R2 和 windows 8 和 Windows Server 2012 安全事件详细信息的安全审核事件,这些事件详细信息提供了针对电子表格格式的引用操作系统的详细事件信息。You can also download Security Audit Events for Windows 7 and Windows Server 2008 R2 and Windows 8 and Windows Server 2012 Security Event Details, which provide detailed event information for the referenced operating systems in spreadsheet format.