<div>
Thanks. &nbsp;How did you figure that out? I'll need the same list for event id 4660
</div>


Thanks.  How did you figure that out? I'll need the same list for event id 4660

<div>
I have it memorized from years of SCOM and ACS :)<br />
<br />
The easiest way is to open the event you are concerned about in event viewer, select the copy command. &nbsp;Paste the contents into notepad and you will have the XMLdata of the event.<br />
<br />
If you look under the EventData section, you'll notice a number of &lt;Data Name=&quot;.... Each of those is a string and can be referred to as String01, String02, String03, in order, until you reach the end..
</div>


I have it memorized from years of SCOM and ACS :)

The easiest way is to open the event you are concerned about in event viewer, select the copy command.  Paste the contents into notepad and you will have the XMLdata of the event.

If you look under the EventData section, you'll notice a number of <Data Name=".... Each of those is a string and can be referred to as String01, String02, String03, in order, until you reach the end..

<div>
<div class="content wysiwyg-content">
I'm trying to alert when files are deleted in a folder. I turned on auditing for deletes and I see event id 4663 in the security log. &nbsp;I'm using SCOM 2012 to comb the event log. &nbsp;<br />
<br />
What I need to know is what is the parameters values for this alert. <br />
<br />
Specifically, what parameter value is the &quot;DELETE&quot; value.<br />
&nbsp;<br />
<br />
Access Request Information:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Accesses: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DELETE
</div>
</div>


I'm trying to alert when files are deleted in a folder. I turned on auditing for deletes and I see event id 4663 in the security log.  I'm using SCOM 2012 to comb the event log.  

What I need to know is what is the parameters values for this alert. 

Specifically, what parameter value is the "DELETE" value.
 

Access Request Information:
	Accesses:	DELETE

Parameters list in Security Event ID 4663

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.