Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > Windows 10 Security Event Log populated with ID 4703 events

Windows 10 Security Event Log populated with ID 4703 events

Table of contents

 

Overview

Windows 10 can generate Policy Change auditing events with ID 4703. These events are generated when your audit policy settings are set to SUCCESS and the requested action succeeds. 

Policy Change auditing is usually set to to audit FAIL events. When you change this setting to SUCCESS, you may receive multiple events in your security log. These events may not be critical security events, which can require an extensive amount of time to troubleshoot and resolve. 

Environment

  • Workstations running Windows 10

Detail

LEM 6.3 will not normalize ID 4703 events related to your LEM agent. You can disable the SUCCESS auditing policy in the group policy console located at:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy

 

 

 

Last modified

Tags

Classifications

Public