[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Event ID 612

Posted on 2012-04-09
5
Medium Priority
?
348 Views
Last Modified: 2012-04-13
On a Win XP SP3 computer, in the Security log there is a record that occurs about every 17 hours.  It is "EventID 612 - Audit Policy Change".  We are not changing audit policies that frequently.

Does anyone know why we are getting this record on such a consistent and regular basis, i.e., what is running every 17 hours that causes the 612 EventID to show up in the Security log?
0
Comment
Question by:GregMani34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37824565
Event ID 612 indicates that a change in audit policy has been made on the local computer. The logging of Event ID 612 is the expected behavior when you restart Windows XP

http://support.microsoft.com/kb/840633
0
 

Author Comment

by:GregMani34
ID: 37824672
Thanks for the response, but that does not explain why we keep getting the 612 EventID.  We get this message about every 17 hours and we do not restart our computer that often.  The computer can run days/weeks without a restart and still get this message on a regular basis.
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 2000 total points
ID: 37824781
may be service is getting started at the specific time..

you will require to check  application security and system logs during the same time when this is getting generated to get better picture.
0
 
LVL 5

Expert Comment

by:kanalQko
ID: 37825815
This event occurs (even if the policy doesn't actually change) if you have a policy applied to the workstation (or the containing OU/AD) via the Active Directory. When the workstation boots, it sets its audit policy according to the local settings, then the AD forces its settings on the server and this creates the 612 in the event log, even if the local policy is identical to the applied policy.

No worry about this event log, it`s only information
0
 

Author Closing Comment

by:GregMani34
ID: 37844006
The comment from "Anuroopsundd" led me to what seems to be the solution.  In the Application log there were events with ID 1704 occuring and the almost identical time as the 612 event ID in the Security log.  There is a registry setting that can be made to control how often the "1704 process" takes place.  Was able to cut down on the number of 612 and 1704 occurences with this registry setting.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question