Event ID 660 - Security Enabled Universal Group Member Added
|Security group management
|A member was added to a security-enabled universal group
When Active Directory objects such as an user/group/computer is added to a universal security group, event ID 660 gets logged.
This log data gives the following information:
|Subject: User who performed the action
|Member: Object added to the distribution group
|Group: Distribution group to which the object was added
Why event ID 660 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
ADAudit Plus alerts and tracks critical activities such as adding or removing user/group/computer to security and distribution groups, thus making Active Directory auditing much easier.
Event 660 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
Corresponding event ID for 660 in Windows Server 2008 and Vista is 4756
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools