Event ID - 635

Event Id635
SourceSecurity
DescriptionSecurity Enabled Local Group Created:

New Account Name: <New Account Name>
      New Domain: <New Domain>
      New Account ID: <New Account ID>
      Caller User Name: <Caller User Name>
      Caller Domain: <Caller Domain>
      Caller Logon ID: <Caller Logon ID>
      Privileges: <Privileges>      

Attributes:
      Sam Account Name: <Sam Account Name>
      Sid History: <Sid History>     

Event InformationAccording to Microsoft:
Cause :
This event record indicates that a local group account has been created. There is no Failure Audit form of this audit event record.
Resolution:
This is an information event.
Reference LinksEvent ID 635 from Source Security

Alternate Event ID in Vista and Windows Server 2008 is 4731.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh