Skip navigation
Menu
Compute Engines

JSI Tip 2916. Meaningless Security log 617 events in Windows 2000?


When you enable the Audit policy change policy in the Default Domain Policy or in the Default Domain Controllers Policy, a Success event 617 is logged, even if no policy change has occurred?

By default, Security policy is progagated:

- Every 5 minutes when the domain controller's GPO is refreshed.

- Every 16 hours, regardless of whether or not a policy change has occurred.

- When you use the SECEDIT /RefreshPolicy machine_policy /enforce command.

If no policy changes occured since the last update, something like the following is logged:

Date: 9/13/2000                   Source:   Security
Time: 9:30:17 AM                  Category: Policy Change
Type: Success                     Event ID: 617
User: NT AUTHORITY\SYSTEM
Computer: JSI001

Description:
"Kerberos Policy Changed:

Changed By:
 	User Name:	JSI001$
 	Domain Name:	JSIINC
 	Logon ID:	(0x0,0x3E7)
Changes made:
('--' means no changes, otherwise each change is shown as:
<ParameterName>: <new value> (<old value>))
--

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023