sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
e8dda8421b
samba-mirror/librpc/idl/windows_event_ids.idl
Gary Lockyer 87a8325a0d s4 group_audit: Add Windows Event Id's to Group membership changes 
Generate a GroupChange event when a user is created with a PrimaryGroup
membership.  Log the windows event id in the JSON GroupChange message.

Event Id's supported are:
	4728	A member was added to a security enabled global group
	4729	A member was removed from a security enabled global
		group
	4732	A member was added to a security enabled local group
	4733	A member was removed from a security enabled local group
	4746	A member was added to a security disabled local group
	4747	A member was removed from a security disabled local group
	4751	A member was added to a security disabled global group
	4752	A member was removed from a security disabled global
		group
	4756	A member was added to a security enabled universal
		group
	4757	A member was removed from a security enabled universal
		group
	4761	A member was added to a security disabled universal
		group
	4762	A member was removed from a security disabled universal
		group

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-21 22:16:09 +01:00

43 lines
1.2 KiB
Plaintext
Raw Blame History

/*
IDL constants for windows event codes.
*/
[
pointer_default(unique)
]
interface windows_events
{
typedef [v1_enum,public] enum {
EVT_ID_NONE = 0,
EVT_ID_SUCCESSFUL_LOGON = 4624,
EVT_ID_UNSUCCESSFUL_LOGON = 4625,
EVT_ID_PASSWORD_CHANGE = 4723,
EVT_ID_PASSWORD_RESET = 4724,
EVT_ID_USER_ADDED_TO_GLOBAL_SEC_GROUP = 4728,
EVT_ID_USER_REMOVED_FROM_GLOBAL_SEC_GROUP = 4729,
EVT_ID_USER_ADDED_TO_LOCAL_SEC_GROUP = 4732,
EVT_ID_USER_REMOVED_FROM_LOCAL_SEC_GROUP = 4733,
EVT_ID_USER_ADDED_TO_LOCAL_GROUP = 4746,
EVT_ID_USER_REMOVED_FROM_LOCAL_GROUP = 4747,
EVT_ID_USER_ADDED_TO_GLOBAL_GROUP = 4751,
EVT_ID_USER_REMOVED_FROM_GLOBAL_GROUP = 4752,
EVT_ID_USER_ADDED_TO_UNIVERSAL_SEC_GROUP = 4756,
EVT_ID_USER_REMOVED_FROM_UNIVERSAL_SEC_GROUP = 4757,
EVT_ID_USER_ADDED_TO_UNIVERSAL_GROUP = 4761,
EVT_ID_USER_REMOVED_FROM_UNIVERSAL_GROUP = 4762
} event_id_type;
typedef [v1_enum,public] enum {
EVT_LOGON_INTERACTIVE = 2,
EVT_LOGON_NETWORK = 3,
EVT_LOGON_BATCH = 4,
EVT_LOGON_SERVICE = 5,
EVT_LOGON_UNLOCK = 7,
EVT_LOGON_NETWORK_CLEAR_TEXT = 8,
EVT_LOGON_NEW_CREDENTIALS = 9,
EVT_LOGON_REMOTE_INTERACTIVE = 10,
EVT_LOGON_CACHED_INTERACTIVE = 11
} event_logon_type;
}
View Git Blame Copy Permalink