Solved

Event Viewer ID Question

Posted on 2011-02-12
1
449 Views
Last Modified: 2012-05-11
I am studying for my MCITP 70-622 and have a quick question on event ID's.  

The text says that when an event begins it is assigned a number for example

4000 for user start up.  Got that

Then it says that when the event completes it will have an event id that is exactly 4000 higher so Event ID 8000 would have a description of "completed computer boot policy...."  I understand that.

The problem is that in the very next line it says for events 5000-5299 indicate group policy processing has completed successfully....these events will always have an event id 1000 heigher than the corresponding scenario start event

That is exactly what they said about the 8000-8299 range.  

What is the difference between the 8000-8299 and 5000-5299 range?
Is one for the computer group policy configuration and one for user group policy configuration because the book doesn't make that distinction?

Any help would be much appreciated.  Thanks

Aaron
0
Comment
Question by:AJJ36
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 18

Accepted Solution

by:
Jerry Miller earned 500 total points
ID: 34879178
Here is a link that explains the events that correspond to particular event ids:

http://technet.microsoft.com/en-us/library/cc749336%28WS.10%29.aspx

The difference is that some are events for Group Policy (4000–4007) and some are events for components of Group Policy (4016–4299, 500-5029).
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question