Event ID 684 - Set ACLs of members in administrators groups
|Sub category||User account management|
|Description||The ACL was set on accounts which are members of administrators groups|
In Active Directory, when ACL is set on accounts that are members of administrators group, event ID 684 gets logged.
This log data gives the following information:
|Subject: User who performed the action||Security ID
|Target Account||Security ID
Why event ID 684 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
Real-time Group Policy change audit reports from ADAudit Plus audits all changes that happen to a Group Policy object over its lifetime and provides a clear insight on the history of changes made to the Group Policy object.
Event 684 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
Corresponding event ID for 684 in Windows Server 2008 and Vista is 4780
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools