Audit Other Object Access Events
Applies To: Windows 7, Windows Server 2008 R2
This security policy setting determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
For scheduler jobs, the following are audited:
Job created.
Job deleted.
Job enabled.
Job disabled.
Job updated.
For COM+ objects, the following are audited:
Catalog object added.
Catalog object updated.
Catalog object deleted.
Event volume: Low
Default: Not configured
If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista, unless otherwise noted.
| Event ID | Event message | ||
|---|---|---|---|
4671 |
An application attempted to access a blocked ordinal through the TBS. |
||
4691 |
Indirect access to an object was requested. |
||
4698 |
A scheduled task was created. |
||
4699 |
A scheduled task was deleted. |
||
4700 |
A scheduled task was enabled. |
||
4701 |
A scheduled task was disabled. |
||
4702 |
A scheduled task was updated. |
||
5148 |
The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
|
||
5149 |
The DoS attack has subsided and normal processing is being resumed. Note This event is logged only on computers running Windows Server 2008 R2 or Windows 7.
|
||
5888 |
An object in the COM+ Catalog was modified. |
||
5889 |
An object was deleted from the COM+ Catalog. |
||
5890 |
An object was added to the COM+ Catalog. |
.gif)
Note