| Event Id | 632 |
| Source | Security |
| Description | Security Enabled Global Group Member Added: Member Name: <Member Name> Member ID: <Member ID> Target Account Name: <Target Account Name> Target Domain: <Target Domain> Target Account ID: <Target Account ID> Caller User Name: <Caller User Name> Caller Domain: <Caller Domain> Caller Logon ID: <Caller Logon ID> Privileges: <Privileges> |
| Event Information | According to Microsoft : Cause : This event is logged when a user or group account was added to a global security group on the domain. 1)The Member Name field specifies the user who was added. 2)The Member ID field specifies the user's domain-qualified user name. 3)The Target Account Name and Target Domain fields specify the group to which the user was added. 4)The Target Account ID is the security identifier (SID) of the user or group that was added. 5)The Caller User Name field specifies the user who made the change. 6)The Caller Logon ID field specifies the logon ID of the user who made the change. 7)The Privileges field for this event is usually empty. Resolution : This is an information event and No user action is required. ------------------------------------------------------------------------------------------- Cause: This audit record indicates that a new member has been added to a global group. This event also occurs when a user account is created and added to the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record. Adding members to groups can have security implications. This is especially true when a user is added to the Administrator group. |
| Reference Links | Event ID 632 from Source Security Alternate Event ID in Vista and Windows Server 2008 is 4728. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.