Event ID - 636

Event Id636
SourceSecurity
DescriptionSecurity Enabled Local Group Member Added:

Member Name: <Member Name>
      Member ID: <Member ID>
      Target Account Name: <Target Account Name>
      Target Domain: <Target Domain>
      Target Account ID: <Target Account ID>
      Caller User Name: <Caller User Name>
      Caller Domain: <Caller Domain>
      Caller Logon ID: <Caller Logon ID>
      Privileges: <Privileges>     

Event InformationAccording to Microsoft :
Cause :
A user or group account was added to a local security group on the computer or on the domain.
1)The Member Name field specifies the user or group account that was added.
2)The Member ID field specifies the target account security identifier (SID), but this is displayed as the domain-qualified user name by Event Viewer.
3)The Target Account Name and Target Domain fields specify the group to which the user was added.
4)The Target Account ID specifies the security identifier (SID) of the group that was added.
5)The Caller User Name field specifies the user who made the change.
6)The Caller Logon ID field specifies the logon ID of the user who made the change.
7)The Privileges field for this event is usually empty.
Resolution :
No user action is required.
Reference LinksEvent ID 636 from Source Security

Alternate Event ID in Vista and Windows Server 2008 is 4732.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh