Solved

Event ID 612

Posted on 2012-04-09
5
322 Views
Last Modified: 2012-04-13
On a Win XP SP3 computer, in the Security log there is a record that occurs about every 17 hours.  It is "EventID 612 - Audit Policy Change".  We are not changing audit policies that frequently.

Does anyone know why we are getting this record on such a consistent and regular basis, i.e., what is running every 17 hours that causes the 612 EventID to show up in the Security log?
0
Comment
Question by:GregMani34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37824565
Event ID 612 indicates that a change in audit policy has been made on the local computer. The logging of Event ID 612 is the expected behavior when you restart Windows XP

http://support.microsoft.com/kb/840633
0
 

Author Comment

by:GregMani34
ID: 37824672
Thanks for the response, but that does not explain why we keep getting the 612 EventID.  We get this message about every 17 hours and we do not restart our computer that often.  The computer can run days/weeks without a restart and still get this message on a regular basis.
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 500 total points
ID: 37824781
may be service is getting started at the specific time..

you will require to check  application security and system logs during the same time when this is getting generated to get better picture.
0
 
LVL 5

Expert Comment

by:kanalQko
ID: 37825815
This event occurs (even if the policy doesn't actually change) if you have a policy applied to the workstation (or the containing OU/AD) via the Active Directory. When the workstation boots, it sets its audit policy according to the local settings, then the AD forces its settings on the server and this creates the 612 in the event log, even if the local policy is identical to the applied policy.

No worry about this event log, it`s only information
0
 

Author Closing Comment

by:GregMani34
ID: 37844006
The comment from "Anuroopsundd" led me to what seems to be the solution.  In the Application log there were events with ID 1704 occuring and the almost identical time as the 612 event ID in the Security log.  There is a registry setting that can be made to control how often the "1704 process" takes place.  Was able to cut down on the number of 612 and 1704 occurences with this registry setting.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
rebuilding your XP box 15 164
Need IE 6 on Win 7 or Win 10 23 113
Event ID: 7016 / Source: Microsoft-Windows-GroupPolicy 7 151
Transfer configuration between Windows XP installations 4 85
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question