Skip to content

Instantly share code, notes, and snippets.

@leopucci

leopucci/auditmap.go

Last active April 16, 2019 10:38
Show Gist options
  • Save leopucci/25a06a305a2a74f297eab1493a136dcb to your computer and use it in GitHub Desktop.
Save leopucci/25a06a305a2a74f297eab1493a136dcb to your computer and use it in GitHub Desktop.
Download ZIP
Windows 10 msobjs.dll audit list converted to go map
Raw
auditmap.go
auditMessageMap := map[int]string{
279: "Undefined Access (no effect) Bit 7",
1536: "Unused message ID",
1537: "DELETE",
1538: "READ_CONTROL",
1539: "WRITE_DAC",
1540: "WRITE_OWNER",
1541: "SYNCHRONIZE",
1542: "ACCESS_SYS_SEC",
1543: "MAX_ALLOWED",
1552: "Unknown specific access (bit 0)",
1553: "Unknown specific access (bit 1)",
1554: "Unknown specific access (bit 2)",
1555: "Unknown specific access (bit 3)",
1556: "Unknown specific access (bit 4)",
1557: "Unknown specific access (bit 5)",
1558: "Unknown specific access (bit 6)",
1559: "Unknown specific access (bit 7)",
1560: "Unknown specific access (bit 8)",
1561: "Unknown specific access (bit 9)",
1562: "Unknown specific access (bit 10)",
1563: "Unknown specific access (bit 11)",
1564: "Unknown specific access (bit 12)",
1565: "Unknown specific access (bit 13)",
1566: "Unknown specific access (bit 14)",
1567: "Unknown specific access (bit 15)",
1601: "Not used",
1603: "Assign Primary Token Privilege",
1604: "Lock Memory Privilege",
1605: "Increase Memory Quota Privilege",
1606: "Unsolicited Input Privilege",
1607: "Trusted Computer Base Privilege",
1608: "Security Privilege",
1609: "Take Ownership Privilege",
1610: "Load/Unload Driver Privilege",
1611: "Profile System Privilege",
1612: "Set System Time Privilege",
1613: "Profile Single Process Privilege",
1614: "Increment Base Priority Privilege",
1615: "Create Pagefile Privilege",
1616: "Create Permanent Object Privilege",
1617: "Backup Privilege",
1618: "Restore From Backup Privilege",
1619: "Shutdown System Privilege",
1620: "Debug Privilege",
1621: "View or Change Audit Log Privilege",
1622: "Change Hardware Environment Privilege",
1623: "Change Notify (and Traverse) Privilege",
1624: "Remotely Shut System Down Privilege",
1792: "<value changed, but not displayed>",
1793: "<value not set>",
1794: "<never>",
1795: "Enabled",
1796: "Disabled",
1797: "All",
1798: "None",
1799: "Audit Policy query/set API Operation",
1800: "<Value change auditing for this registry type is not supported>",
1801: "Granted by",
1802: "Denied by",
1803: "Denied by Integrity Policy check",
1804: "Granted by Ownership",
1805: "Not granted",
1806: "Granted by NULL DACL",
1807: "Denied by Empty DACL",
1808: "Granted by NULL Security Descriptor",
1809: "Unknown or unchecked",
1810: "Not granted due to missing",
1811: "Granted by ACE on parent folder",
1812: "Denied by ACE on parent folder",
1813: "Granted by Central Access Rule ",
1814: "NOT Granted by Central Access Rule ",
1815: "Granted by parent folder's Central Access Rule ",
1816: "NOT Granted by parent folder's Central Access Rule ",
1817: "Unknown Type",
1818: "String",
1819: "Unsigned 64-bit Integer",
1820: "64-bit Integer",
1821: "FQBN",
1822: "Blob",
1823: "Sid",
1824: "Boolean",
1825: "True",
1826: "False",
1827: "Invalid",
1828: "an ACE too long to display",
1829: "a Security Descriptor too long to display",
1830: "Not granted to AppContainers",
1831: "...",
1832: "Identification",
1833: "Impersonation",
1840: "Delegation",
1841: "Denied by Process Trust Label ACE",
1842: "Yes",
1843: "No",
1844: "System",
1845: "Not Available",
1846: "Default",
1847: "DisallowMmConfig",
1848: "Off",
1849: "Auto",
1856: "Denied by Access Filter Ace",
1872: "REG_NONE",
1873: "REG_SZ",
1874: "REG_EXPAND_SZ",
1875: "REG_BINARY",
1876: "REG_DWORD",
1877: "REG_DWORD_BIG_ENDIAN",
1878: "REG_LINK",
1879: "REG_MULTI_SZ (New lines are replaced with *. A * is replaced with **)",
1880: "REG_RESOURCE_LIST",
1881: "REG_FULL_RESOURCE_DESCRIPTOR",
1882: "REG_RESOURCE_REQUIREMENTS_LIST",
1883: "REG_QWORD",
1904: "New registry value created",
1905: "Existing registry value modified",
1906: "Registry value deleted",
1920: "Sunday",
1921: "Monday",
1922: "Tuesday",
1923: "Wednesday",
1924: "Thursday",
1925: "Friday",
1926: "Saturday",
1936: "TokenElevationTypeDefault (1)",
1937: "TokenElevationTypeFull (2)",
1938: "TokenElevationTypeLimited (3)",
2048: "Account Enabled",
2049: "Home Directory Required' - Disabled",
2050: "Password Not Required' - Disabled",
2051: "Temp Duplicate Account' - Disabled",
2052: "Normal Account' - Disabled",
2053: "MNS Logon Account' - Disabled",
2054: "Interdomain Trust Account' - Disabled",
2055: "Workstation Trust Account' - Disabled",
2056: "Server Trust Account' - Disabled",
2057: "Don't Expire Password' - Disabled",
2058: "Account Unlocked",
2059: "Encrypted Text Password Allowed' - Disabled",
2060: "Smartcard Required' - Disabled",
2061: "Trusted For Delegation' - Disabled",
2062: "Not Delegated' - Disabled",
2063: "Use DES Key Only' - Disabled",
2064: "Don't Require Preauth' - Disabled",
2065: "Password Expired' - Disabled",
2066: "Trusted To Authenticate For Delegation' - Disabled",
2067: "Exclude Authorization Information' - Disabled",
2068: "Undefined UserAccountControl Bit 20' - Disabled",
2069: "Protect Kerberos Service Tickets with AES Keys' - Disabled",
2070: "Undefined UserAccountControl Bit 22' - Disabled",
2071: "Undefined UserAccountControl Bit 23' - Disabled",
2072: "Undefined UserAccountControl Bit 24' - Disabled",
2073: "Undefined UserAccountControl Bit 25' - Disabled",
2074: "Undefined UserAccountControl Bit 26' - Disabled",
2075: "Undefined UserAccountControl Bit 27' - Disabled",
2076: "Undefined UserAccountControl Bit 28' - Disabled",
2077: "Undefined UserAccountControl Bit 29' - Disabled",
2078: "Undefined UserAccountControl Bit 30' - Disabled",
2079: "Undefined UserAccountControl Bit 31' - Disabled",
2080: "Account Disabled",
2081: "Home Directory Required' - Enabled",
2082: "Password Not Required' - Enabled",
2083: "Temp Duplicate Account' - Enabled",
2084: "Normal Account' - Enabled",
2085: "MNS Logon Account' - Enabled",
2086: "Interdomain Trust Account' - Enabled",
2087: "Workstation Trust Account' - Enabled",
2088: "Server Trust Account' - Enabled",
2089: "Don't Expire Password' - Enabled",
2090: "Account Locked",
2091: "Encrypted Text Password Allowed' - Enabled",
2092: "Smartcard Required' - Enabled",
2093: "Trusted For Delegation' - Enabled",
2094: "Not Delegated' - Enabled",
2095: "Use DES Key Only' - Enabled",
2096: "Don't Require Preauth' - Enabled",
2097: "Password Expired' - Enabled",
2098: "Trusted To Authenticate For Delegation' - Enabled",
2099: "Exclude Authorization Information' - Enabled",
2100: "Undefined UserAccountControl Bit 20' - Enabled",
2101: "Protect Kerberos Service Tickets with AES Keys' - Enabled",
2102: "Undefined UserAccountControl Bit 22' - Enabled",
2103: "Undefined UserAccountControl Bit 23' - Enabled",
2104: "Undefined UserAccountControl Bit 24' - Enabled",
2105: "Undefined UserAccountControl Bit 25' - Enabled",
2106: "Undefined UserAccountControl Bit 26' - Enabled",
2107: "Undefined UserAccountControl Bit 27' - Enabled",
2108: "Undefined UserAccountControl Bit 28' - Enabled",
2109: "Undefined UserAccountControl Bit 29' - Enabled",
2110: "Undefined UserAccountControl Bit 30' - Enabled",
2111: "Undefined UserAccountControl Bit 31' - Enabled",
2304: "An Error occured during Logon.",
2305: "The specified user account has expired.",
2306: "The NetLogon component is not active.",
2307: "Account locked out.",
2308: "The user has not been granted the requested logon type at this machine.",
2309: "The specified account's password has expired.",
2310: "Account currently disabled.",
2311: "Account logon time restriction violation.",
2312: "User not allowed to logon at this computer.",
2313: "Unknown user name or bad password.",
2314: "Domain sid inconsistent.",
2315: "Smartcard logon is required and was not used.",
2432: "Not Available.",
2436: "Random number generator failure.",
2437: "Random number generation failed FIPS-140 pre-hash check.",
2438: "Failed to zero secret data.",
2439: "Key failed pair wise consistency check.",
2448: "Failed to unprotect persistent cryptographic key.",
2449: "Key export checks failed.",
2450: "Validation of public key failed.",
2451: "Signature verification failed.",
2456: "Open key file.",
2457: "Delete key file.",
2458: "Read persisted key from file.",
2459: "Write persisted key to file.",
2464: "Export of persistent cryptographic key.",
2465: "Import of persistent cryptographic key.",
2480: "Open Key.",
2481: "Create Key.",
2482: "Delete Key.",
2483: "Encrypt.",
2484: "Decrypt.",
2485: "Sign hash.",
2486: "Secret agreement.",
2487: "Domain settings",
2488: "Local settings",
2489: "Add provider.",
2490: "Remove provider.",
2491: "Add context.",
2492: "Remove context.",
2493: "Add function.",
2494: "Remove function.",
2495: "Add function provider.",
2496: "Remove function provider.",
2497: "Add function property.",
2498: "Remove function property.",
2499: "Machine key.",
2500: "User key.",
2501: "Key Derivation.",
2502: "Claim Creation.",
2503: "Claim Verification.",
4352: "Device Access Bit 0",
4353: "Device Access Bit 1",
4354: "Device Access Bit 2",
4355: "Device Access Bit 3",
4356: "Device Access Bit 4",
4357: "Device Access Bit 5",
4358: "Device Access Bit 6",
4359: "Device Access Bit 7",
4360: "Device Access Bit 8",
4361: "Undefined Access (no effect) Bit 9",
4362: "Undefined Access (no effect) Bit 10",
4363: "Undefined Access (no effect) Bit 11",
4364: "Undefined Access (no effect) Bit 12",
4365: "Undefined Access (no effect) Bit 13",
4366: "Undefined Access (no effect) Bit 14",
4367: "Undefined Access (no effect) Bit 15",
4368: "Query directory",
4369: "Traverse",
4370: "Create object in directory",
4371: "Create sub-directory",
4372: "Undefined Access (no effect) Bit 4",
4373: "Undefined Access (no effect) Bit 5",
4374: "Undefined Access (no effect) Bit 6",
4375: "Undefined Access (no effect) Bit 7",
4376: "Undefined Access (no effect) Bit 8",
4377: "Undefined Access (no effect) Bit 9",
4378: "Undefined Access (no effect) Bit 10",
4379: "Undefined Access (no effect) Bit 11",
4380: "Undefined Access (no effect) Bit 12",
4381: "Undefined Access (no effect) Bit 13",
4382: "Undefined Access (no effect) Bit 14",
4383: "Undefined Access (no effect) Bit 15",
4384: "Query event state",
4385: "Modify event state",
4386: "Undefined Access (no effect) Bit 2",
4387: "Undefined Access (no effect) Bit 3",
4388: "Undefined Access (no effect) Bit 4",
4389: "Undefined Access (no effect) Bit 5",
4390: "Undefined Access (no effect) Bit 6",
4391: "Undefined Access (no effect) Bit 7",
4392: "Undefined Access (no effect) Bit 8",
4393: "Undefined Access (no effect) Bit 9",
4394: "Undefined Access (no effect) Bit 10",
4395: "Undefined Access (no effect) Bit 11",
4396: "Undefined Access (no effect) Bit 12",
4397: "Undefined Access (no effect) Bit 13",
4398: "Undefined Access (no effect) Bit 14",
4399: "Undefined Access (no effect) Bit 15",
4416: "ReadData (or ListDirectory)",
4417: "WriteData (or AddFile)",
4418: "AppendData (or AddSubdirectory or CreatePipeInstance)",
4419: "ReadEA",
4420: "WriteEA",
4421: "Execute/Traverse",
4422: "DeleteChild",
4423: "ReadAttributes",
4424: "WriteAttributes",
4425: "Undefined Access (no effect) Bit 9",
4426: "Undefined Access (no effect) Bit 10",
4427: "Undefined Access (no effect) Bit 11",
4428: "Undefined Access (no effect) Bit 12",
4429: "Undefined Access (no effect) Bit 13",
4430: "Undefined Access (no effect) Bit 14",
4431: "Undefined Access (no effect) Bit 15",
4432: "Query key value",
4433: "Set key value",
4434: "Create sub-key",
4435: "Enumerate sub-keys",
4436: "Notify about changes to keys",
4437: "Create Link",
4438: "Undefined Access (no effect) Bit 6",
4439: "Undefined Access (no effect) Bit 7",
4440: "Enable 64(or 32) bit application to open 64 bit key",
4441: "Enable 64(or 32) bit application to open 32 bit key",
4442: "Undefined Access (no effect) Bit 10",
4443: "Undefined Access (no effect) Bit 11",
4444: "Undefined Access (no effect) Bit 12",
4445: "Undefined Access (no effect) Bit 13",
4446: "Undefined Access (no effect) Bit 14",
4447: "Undefined Access (no effect) Bit 15",
4448: "Query mutant state",
4449: "Undefined Access (no effect) Bit 1",
4450: "Undefined Access (no effect) Bit 2",
4451: "Undefined Access (no effect) Bit 3",
4452: "Undefined Access (no effect) Bit 4",
4453: "Undefined Access (no effect) Bit 5",
4454: "Undefined Access (no effect) Bit 6",
4455: "Undefined Access (no effect) Bit 7",
4456: "Undefined Access (no effect) Bit 8",
4457: "Undefined Access (no effect) Bit 9",
4458: "Undefined Access (no effect) Bit 10",
4459: "Undefined Access (no effect) Bit 11",
4460: "Undefined Access (no effect) Bit 12",
4461: "Undefined Access (no effect) Bit 13",
4462: "Undefined Access (no effect) Bit 14",
4463: "Undefined Access (no effect) Bit 15",
4464: "Communicate using port",
4465: "Undefined Access (no effect) Bit 1",
4466: "Undefined Access (no effect) Bit 2",
4467: "Undefined Access (no effect) Bit 3",
4468: "Undefined Access (no effect) Bit 4",
4469: "Undefined Access (no effect) Bit 5",
4470: "Undefined Access (no effect) Bit 6",
4471: "Undefined Access (no effect) Bit 7",
4472: "Undefined Access (no effect) Bit 8",
4473: "Undefined Access (no effect) Bit 9",
4474: "Undefined Access (no effect) Bit 10",
4475: "Undefined Access (no effect) Bit 11",
4476: "Undefined Access (no effect) Bit 12",
4477: "Undefined Access (no effect) Bit 13",
4478: "Undefined Access (no effect) Bit 14",
4479: "Undefined Access (no effect) Bit 15",
4480: "Force process termination",
4481: "Create new thread in process",
4482: "Set process session ID",
4483: "Perform virtual memory operation",
4484: "Read from process memory",
4485: "Write to process memory",
4486: "Duplicate handle into or out of process",
4487: "Create a subprocess of process",
4488: "Set process quotas",
4489: "Set process information",
4490: "Query process information",
4491: "Set process termination port",
4492: "Undefined Access (no effect) Bit 12",
4493: "Undefined Access (no effect) Bit 13",
4494: "Undefined Access (no effect) Bit 14",
4495: "Undefined Access (no effect) Bit 15",
4496: "Control profile",
4497: "Undefined Access (no effect) Bit 1",
4498: "Undefined Access (no effect) Bit 2",
4499: "Undefined Access (no effect) Bit 3",
4500: "Undefined Access (no effect) Bit 4",
4501: "Undefined Access (no effect) Bit 5",
4502: "Undefined Access (no effect) Bit 6",
4503: "Undefined Access (no effect) Bit 7",
4504: "Undefined Access (no effect) Bit 8",
4505: "Undefined Access (no effect) Bit 9",
4506: "Undefined Access (no effect) Bit 10",
4507: "Undefined Access (no effect) Bit 11",
4508: "Undefined Access (no effect) Bit 12",
4509: "Undefined Access (no effect) Bit 13",
4510: "Undefined Access (no effect) Bit 14",
4511: "Undefined Access (no effect) Bit 15",
4512: "Query section state",
4513: "Map section for write",
4514: "Map section for read",
4515: "Map section for execute",
4516: "Extend size",
4517: "Undefined Access (no effect) Bit 5",
4518: "Undefined Access (no effect) Bit 6",
4519: "Undefined Access (no effect) Bit 7",
4520: "Undefined Access (no effect) Bit 8",
4521: "Undefined Access (no effect) Bit 9",
4522: "Undefined Access (no effect) Bit 10",
4523: "Undefined Access (no effect) Bit 11",
4524: "Undefined Access (no effect) Bit 12",
4525: "Undefined Access (no effect) Bit 13",
4526: "Undefined Access (no effect) Bit 14",
4527: "Undefined Access (no effect) Bit 15",
4528: "Query semaphore state",
4529: "Modify semaphore state",
4530: "Undefined Access (no effect) Bit 2",
4531: "Undefined Access (no effect) Bit 3",
4532: "Undefined Access (no effect) Bit 4",
4533: "Undefined Access (no effect) Bit 5",
4534: "Undefined Access (no effect) Bit 6",
4535: "Undefined Access (no effect) Bit 7",
4536: "Undefined Access (no effect) Bit 8",
4537: "Undefined Access (no effect) Bit 9",
4538: "Undefined Access (no effect) Bit 10",
4539: "Undefined Access (no effect) Bit 11",
4540: "Undefined Access (no effect) Bit 12",
4541: "Undefined Access (no effect) Bit 13",
4542: "Undefined Access (no effect) Bit 14",
4543: "Undefined Access (no effect) Bit 15",
4544: "Use symbolic link",
4545: "Undefined Access (no effect) Bit 1",
4546: "Undefined Access (no effect) Bit 2",
4547: "Undefined Access (no effect) Bit 3",
4548: "Undefined Access (no effect) Bit 4",
4549: "Undefined Access (no effect) Bit 5",
4550: "Undefined Access (no effect) Bit 6",
4551: "Undefined Access (no effect) Bit 7",
4552: "Undefined Access (no effect) Bit 8",
4553: "Undefined Access (no effect) Bit 9",
4554: "Undefined Access (no effect) Bit 10",
4555: "Undefined Access (no effect) Bit 11",
4556: "Undefined Access (no effect) Bit 12",
4557: "Undefined Access (no effect) Bit 13",
4558: "Undefined Access (no effect) Bit 14",
4559: "Undefined Access (no effect) Bit 15",
4560: "Force thread termination",
4561: "Suspend or resume thread",
4562: "Send an alert to thread",
4563: "Get thread context",
4564: "Set thread context",
4565: "Set thread information",
4566: "Query thread information",
4567: "Assign a token to the thread",
4568: "Cause thread to directly impersonate another thread",
4569: "Directly impersonate this thread",
4570: "Undefined Access (no effect) Bit 10",
4571: "Undefined Access (no effect) Bit 11",
4572: "Undefined Access (no effect) Bit 12",
4573: "Undefined Access (no effect) Bit 13",
4574: "Undefined Access (no effect) Bit 14",
4575: "Undefined Access (no effect) Bit 15",
4576: "Query timer state",
4577: "Modify timer state",
4578: "Undefined Access (no effect) Bit 2",
4579: "Undefined Access (no effect) Bit 3",
4580: "Undefined Access (no effect) Bit 4",
4581: "Undefined Access (no effect) Bit 5",
4582: "Undefined Access (no effect) Bit 6",
4584: "Undefined Access (no effect) Bit 8",
4585: "Undefined Access (no effect) Bit 9",
4586: "Undefined Access (no effect) Bit 10",
4587: "Undefined Access (no effect) Bit 11",
4588: "Undefined Access (no effect) Bit 12",
4589: "Undefined Access (no effect) Bit 13",
4590: "Undefined Access (no effect) Bit 14",
4591: "Undefined Access (no effect) Bit 15",
4592: "AssignAsPrimary",
4593: "Duplicate",
4594: "Impersonate",
4595: "Query",
4596: "QuerySource",
4597: "AdjustPrivileges",
4598: "AdjustGroups",
4599: "AdjustDefaultDacl",
4600: "AdjustSessionID",
4601: "Undefined Access (no effect) Bit 9",
4602: "Undefined Access (no effect) Bit 10",
4603: "Undefined Access (no effect) Bit 11",
4604: "Undefined Access (no effect) Bit 12",
4605: "Undefined Access (no effect) Bit 13",
4606: "Undefined Access (no effect) Bit 14",
4607: "Undefined Access (no effect) Bit 15",
4608: "Create instance of object type",
4609: "Undefined Access (no effect) Bit 1",
4610: "Undefined Access (no effect) Bit 2",
4611: "Undefined Access (no effect) Bit 3",
4612: "Undefined Access (no effect) Bit 4",
4613: "Undefined Access (no effect) Bit 5",
4614: "Undefined Access (no effect) Bit 6",
4615: "Undefined Access (no effect) Bit 7",
4616: "Undefined Access (no effect) Bit 8",
4617: "Undefined Access (no effect) Bit 9",
4618: "Undefined Access (no effect) Bit 10",
4619: "Undefined Access (no effect) Bit 11",
4620: "Undefined Access (no effect) Bit 12",
4621: "Undefined Access (no effect) Bit 13",
4622: "Undefined Access (no effect) Bit 14",
4623: "Undefined Access (no effect) Bit 15",
4864: "Query State",
4865: "Modify State",
5120: "Channel read message",
5121: "Channel write message",
5122: "Channel query information",
5123: "Channel set information",
5124: "Undefined Access (no effect) Bit 4",
5125: "Undefined Access (no effect) Bit 5",
5126: "Undefined Access (no effect) Bit 6",
5127: "Undefined Access (no effect) Bit 7",
5128: "Undefined Access (no effect) Bit 8",
5129: "Undefined Access (no effect) Bit 9",
5130: "Undefined Access (no effect) Bit 10",
5131: "Undefined Access (no effect) Bit 11",
5132: "Undefined Access (no effect) Bit 12",
5133: "Undefined Access (no effect) Bit 13",
5134: "Undefined Access (no effect) Bit 14",
5135: "Undefined Access (no effect) Bit 15",
5136: "Assign process",
5137: "Set Attributes",
5138: "Query Attributes",
5139: "Terminate Job",
5140: "Set Security Attributes",
5141: "Undefined Access (no effect) Bit 5",
5142: "Undefined Access (no effect) Bit 6",
5143: "Undefined Access (no effect) Bit 7",
5144: "Undefined Access (no effect) Bit 8",
5145: "Undefined Access (no effect) Bit 9",
5146: "Undefined Access (no effect) Bit 10",
5147: "Undefined Access (no effect) Bit 11",
5148: "Undefined Access (no effect) Bit 12",
5149: "Undefined Access (no effect) Bit 13",
5150: "Undefined Access (no effect) Bit 14",
5151: "Undefined Access (no effect) Bit 15",
5376: "ConnectToServer",
5377: "ShutdownServer",
5378: "InitializeServer",
5379: "CreateDomain",
5380: "EnumerateDomains",
5381: "LookupDomain",
5382: "Undefined Access (no effect) Bit 6",
5383: "Undefined Access (no effect) Bit 7",
5384: "Undefined Access (no effect) Bit 8",
5385: "Undefined Access (no effect) Bit 9",
5386: "Undefined Access (no effect) Bit 10",
5387: "Undefined Access (no effect) Bit 11",
5388: "Undefined Access (no effect) Bit 12",
5389: "Undefined Access (no effect) Bit 13",
5390: "Undefined Access (no effect) Bit 14",
5391: "Undefined Access (no effect) Bit 15",
5392: "ReadPasswordParameters",
5393: "WritePasswordParameters",
5394: "ReadOtherParameters",
5395: "WriteOtherParameters",
5396: "CreateUser",
5397: "CreateGlobalGroup",
5398: "CreateLocalGroup",
5399: "GetLocalGroupMembership",
5400: "ListAccounts",
5401: "LookupIDs",
5402: "AdministerServer",
5403: "Undefined Access (no effect) Bit 11",
5404: "Undefined Access (no effect) Bit 12",
5405: "Undefined Access (no effect) Bit 13",
5406: "Undefined Access (no effect) Bit 14",
5407: "Undefined Access (no effect) Bit 15",
5408: "ReadInformation",
5409: "WriteAccount",
5410: "AddMember",
5411: "RemoveMember",
5412: "ListMembers",
5413: "Undefined Access (no effect) Bit 5",
5414: "Undefined Access (no effect) Bit 6",
5415: "Undefined Access (no effect) Bit 7",
5416: "Undefined Access (no effect) Bit 8",
5417: "Undefined Access (no effect) Bit 9",
5418: "Undefined Access (no effect) Bit 10",
5419: "Undefined Access (no effect) Bit 11",
5420: "Undefined Access (no effect) Bit 12",
5421: "Undefined Access (no effect) Bit 13",
5422: "Undefined Access (no effect) Bit 14",
5423: "Undefined Access (no effect) Bit 15",
5424: "AddMember",
5425: "RemoveMember",
5426: "ListMembers",
5427: "ReadInformation",
5428: "WriteAccount",
5429: "Undefined Access (no effect) Bit 5",
5430: "Undefined Access (no effect) Bit 6",
5431: "Undefined Access (no effect) Bit 7",
5432: "Undefined Access (no effect) Bit 8",
5433: "Undefined Access (no effect) Bit 9",
5434: "Undefined Access (no effect) Bit 10",
5435: "Undefined Access (no effect) Bit 11",
5436: "Undefined Access (no effect) Bit 12",
5437: "Undefined Access (no effect) Bit 13",
5438: "Undefined Access (no effect) Bit 14",
5439: "Undefined Access (no effect) Bit 15",
5440: "ReadGeneralInformation",
5441: "ReadPreferences",
5442: "WritePreferences",
5443: "ReadLogon",
5444: "ReadAccount",
5445: "WriteAccount",
5446: "ChangePassword (with knowledge of old password)",
5447: "SetPassword (without knowledge of old password)",
5448: "ListGroups",
5449: "ReadGroupMembership",
5450: "ChangeGroupMembership",
5451: "Undefined Access (no effect) Bit 11",
5452: "Undefined Access (no effect) Bit 12",
5453: "Undefined Access (no effect) Bit 13",
5454: "Undefined Access (no effect) Bit 14",
5455: "Undefined Access (no effect) Bit 15",
5632: "View non-sensitive policy information",
5633: "View system audit requirements",
5634: "Get sensitive policy information",
5635: "Modify domain trust relationships",
5636: "Create special accounts (for assignment of user rights)",
5637: "Create a secret object",
5638: "Create a privilege",
5639: "Set default quota limits",
5640: "Change system audit requirements",
5641: "Administer audit log attributes",
5642: "Enable/Disable LSA",
5643: "Lookup Names/SIDs",
5648: "Change secret value",
5649: "Query secret value",
5650: "Undefined Access (no effect) Bit 2",
5651: "Undefined Access (no effect) Bit 3",
5652: "Undefined Access (no effect) Bit 4",
5653: "Undefined Access (no effect) Bit 5",
5654: "Undefined Access (no effect) Bit 6",
5655: "Undefined Access (no effect) Bit 7",
5656: "Undefined Access (no effect) Bit 8",
5657: "Undefined Access (no effect) Bit 9",
5658: "Undefined Access (no effect) Bit 10",
5659: "Undefined Access (no effect) Bit 11",
5660: "Undefined Access (no effect) Bit 12",
5661: "Undefined Access (no effect) Bit 13",
5662: "Undefined Access (no effect) Bit 14",
5663: "Undefined Access (no effect) Bit 15",
5664: "Query trusted domain name/SID",
5665: "Retrieve the controllers in the trusted domain",
5666: "Change the controllers in the trusted domain",
5667: "Query the Posix ID offset assigned to the trusted domain",
5668: "Change the Posix ID offset assigned to the trusted domain",
5669: "Undefined Access (no effect) Bit 5",
5670: "Undefined Access (no effect) Bit 6",
5671: "Undefined Access (no effect) Bit 7",
5672: "Undefined Access (no effect) Bit 8",
5673: "Undefined Access (no effect) Bit 9",
5674: "Undefined Access (no effect) Bit 10",
5675: "Undefined Access (no effect) Bit 11",
5676: "Undefined Access (no effect) Bit 12",
5677: "Undefined Access (no effect) Bit 13",
5678: "Undefined Access (no effect) Bit 14",
5679: "Undefined Access (no effect) Bit 15",
5680: "Query account information",
5681: "Change privileges assigned to account",
5682: "Change quotas assigned to account",
5683: "Change logon capabilities assigned to account",
5684: "Change the Posix ID offset assigned to the accounted domain",
5685: "Undefined Access (no effect) Bit 5",
5686: "Undefined Access (no effect) Bit 6",
5687: "Undefined Access (no effect) Bit 7",
5688: "Undefined Access (no effect) Bit 8",
5689: "Undefined Access (no effect) Bit 9",
5690: "Undefined Access (no effect) Bit 10",
5691: "Undefined Access (no effect) Bit 11",
5692: "Undefined Access (no effect) Bit 12",
5693: "Undefined Access (no effect) Bit 13",
5694: "Undefined Access (no effect) Bit 14",
5695: "Undefined Access (no effect) Bit 15",
5696: "KeyedEvent Wait",
5697: "KeyedEvent Wake",
5698: "Undefined Access (no effect) Bit 2",
5699: "Undefined Access (no effect) Bit 3",
5700: "Undefined Access (no effect) Bit 4",
5701: "Undefined Access (no effect) Bit 5",
5702: "Undefined Access (no effect) Bit 6",
5703: "Undefined Access (no effect) Bit 7",
5704: "Undefined Access (no effect) Bit 8",
5705: "Undefined Access (no effect) Bit 9",
5706: "Undefined Access (no effect) Bit 10",
5707: "Undefined Access (no effect) Bit 11",
5708: "Undefined Access (no effect) Bit 12",
5709: "Undefined Access (no effect) Bit 13",
5710: "Undefined Access (no effect) Bit 14",
5711: "Undefined Access (no effect) Bit 15",
6656: "Enumerate desktops",
6657: "Read attributes",
6658: "Access Clipboard",
6659: "Create desktop",
6660: "Write attributes",
6661: "Access global atoms",
6662: "Exit windows",
6663: "Unused Access Flag",
6664: "Include this windowstation in enumerations",
6665: "Read screen",
6672: "Read Objects",
6673: "Create window",
6674: "Create menu",
6675: "Hook control",
6676: "Journal (record)",
6677: "Journal (playback)",
6678: "Include this desktop in enumerations",
6679: "Write objects",
6680: "Switch to this desktop",
6912: "Administer print server",
6913: "Enumerate printers",
6930: "Full Control",
6931: "Print",
6948: "Administer Document",
7168: "Connect to service controller",
7169: "Create a new service",
7170: "Enumerate services",
7171: "Lock service database for exclusive access",
7172: "Query service database lock state",
7173: "Set last-known-good state of service database",
7184: "Query service configuration information",
7185: "Set service configuration information",
7186: "Query status of service",
7187: "Enumerate dependencies of service",
7188: "Start the service",
7189: "Stop the service",
7190: "Pause or continue the service",
7191: "Query information from service",
7192: "Issue service-specific control commands",
7424: "DDE Share Read",
7425: "DDE Share Write",
7426: "DDE Share Initiate Static",
7427: "DDE Share Initiate Link",
7428: "DDE Share Request",
7429: "DDE Share Advise",
7430: "DDE Share Poke",
7431: "DDE Share Execute",
7432: "DDE Share Add Items",
7433: "DDE Share List Items",
7680: "Create Child",
7681: "Delete Child",
7682: "List Contents",
7683: "Write Self",
7684: "Read Property",
7685: "Write Property",
7686: "Delete Tree",
7687: "List Object",
7688: "Control Access",
7689: "Undefined Access (no effect) Bit 9",
7690: "Undefined Access (no effect) Bit 10",
7691: "Undefined Access (no effect) Bit 11",
7692: "Undefined Access (no effect) Bit 12",
7693: "Undefined Access (no effect) Bit 13",
7694: "Undefined Access (no effect) Bit 14",
7695: "Undefined Access (no effect) Bit 15",
7936: "Audit Set System Policy",
7937: "Audit Query System Policy",
7938: "Audit Set Per User Policy",
7939: "Audit Query Per User Policy",
7940: "Audit Enumerate Users",
7941: "Audit Set Options",
7942: "Audit Query Options",
8064: "Port sharing (read)",
8065: "Port sharing (write)",
8096: "Default credentials",
8097: "Credentials manager",
8098: "Fresh credentials",
8192: "Kerberos",
8193: "Preshared key",
8194: "Unknown authentication",
8195: "DES",
8196: "3DES",
8197: "MD5",
8198: "SHA1",
8199: "Local computer",
8200: "Remote computer",
8201: "No state",
8202: "Sent first (SA) payload",
8203: "Sent second (KE) payload",
8204: "Sent third (ID) payload",
8205: "Initiator",
8206: "Responder",
8207: "No state",
8208: "Sent first (SA) payload",
8209: "Sent final payload",
8210: "Complete",
8211: "Unknown",
8212: "Transport",
8213: "Tunnel",
8214: "IKE/AuthIP DoS prevention mode started",
8215: "IKE/AuthIP DoS prevention mode stopped",
8216: "Enabled",
8217: "Not enabled",
8218: "No state",
8219: "Sent first (EM attributes) payload",
8220: "Sent second (SSPI) payload",
8221: "Sent third (hash) payload",
8222: "IKEv1",
8223: "AuthIP",
8224: "Anonymous",
8225: "NTLM V2",
8226: "CGA",
8227: "Certificate",
8228: "SSL",
8229: "None",
8230: "DH group 1",
8231: "DH group 2",
8232: "DH group 14",
8233: "DH group ECP 256",
8234: "DH group ECP 384",
8235: "AES-128",
8236: "AES-192",
8237: "AES-256",
8238: "Certificate ECDSA P256",
8239: "Certificate ECDSA P384",
8240: "SSL ECDSA P256",
8241: "SSL ECDSA P384",
8242: "SHA 256",
8243: "SHA 384",
8244: "IKEv2",
8245: "EAP payload sent",
8246: "Authentication payload sent",
8247: "EAP",
8248: "DH group 24",
8272: "System",
8273: "Logon/Logoff",
8274: "Object Access",
8275: "Privilege Use",
8276: "Detailed Tracking",
8277: "Policy Change",
8278: "Account Management",
8279: "DS Access",
8280: "Account Logon",
8448: "Success removed",
8449: "Success Added",
8450: "Failure removed",
8451: "Failure added",
8452: "Success include removed",
8453: "Success include added",
8454: "Success exclude removed",
8455: "Success exclude added",
8456: "Failure include removed",
8457: "Failure include added",
8458: "Failure exclude removed",
8459: "Failure exclude added",
12288: "Security State Change",
12289: "Security System Extension",
12290: "System Integrity",
12291: "IPsec Driver",
12292: "Other System Events",
12544: "Logon",
12545: "Logoff",
12546: "Account Lockout",
12547: "IPsec Main Mode",
12548: "Special Logon",
12549: "IPsec Quick Mode",
12550: "IPsec Extended Mode",
12551: "Other Logon/Logoff Events",
12552: "Network Policy Server",
12553: "User / Device Claims",
12554: "Group Membership",
12800: "File System",
12801: "Registry",
12802: "Kernel Object",
12803: "SAM",
12804: "Other Object Access Events",
12805: "Certification Services",
12806: "Application Generated",
12807: "Handle Manipulation",
12808: "File Share",
12809: "Filtering Platform Packet Drop",
12810: "Filtering Platform Connection",
12811: "Detailed File Share",
12812: "Removable Storage",
12813: "Central Policy Staging",
13056: "Sensitive Privilege Use",
13057: "Non Sensitive Privilege Use",
13058: "Other Privilege Use Events",
13312: "Process Creation",
13313: "Process Termination",
13314: "DPAPI Activity",
13315: "RPC Events",
13316: "Plug and Play Events",
13317: "Token Right Adjusted Events",
13568: "Audit Policy Change",
13569: "Authentication Policy Change",
13570: "Authorization Policy Change",
13571: "MPSSVC Rule-Level Policy Change",
13572: "Filtering Platform Policy Change",
13573: "Other Policy Change Events",
13824: "User Account Management",
13825: "Computer Account Management",
13826: "Security Group Management",
13827: "Distribution Group Management",
13828: "Application Group Management",
13829: "Other Account Management Events",
14080: "Directory Service Access",
14081: "Directory Service Changes",
14082: "Directory Service Replication",
14083: "Detailed Directory Service Replication",
14336: "Credential Validation",
14337: "Kerberos Service Ticket Operations",
14338: "Other Account Logon Events",
14339: "Kerberos Authentication Service",
14592: "Inbound",
14593: "Outbound",
14594: "Forward",
14595: "Bidirectional",
14596: "IP Packet",
14597: "Transport",
14598: "Forward",
14599: "Stream",
14600: "Datagram Data",
14601: "ICMP Error",
14602: "MAC 802.3",
14603: "MAC Native",
14604: "vSwitch",
14608: "Resource Assignment",
14609: "Listen",
14610: "Receive/Accept",
14611: "Connect",
14612: "Flow Established",
14614: "Resource Release",
14615: "Endpoint Closure",
14616: "Connect Redirect",
14617: "Bind Redirect",
14624: "Stream Packet",
14640: "ICMP Echo-Request",
14641: "vSwitch Ingress",
14642: "vSwitch Egress",
14672: "<Binary>",
14673: "[NULL]",
14674: "Value Added",
14675: "Value Deleted",
14676: "Active Directory Domain Services",
14677: "Active Directory Lightweight Directory Services",
14678: "Yes",
14679: "No",
14680: "Value Added With Expiration Time",
14681: "Value Deleted With Expiration Time",
14688: "Value Auto Deleted With Expiration Time",
16384: "Add",
16385: "Delete",
16386: "Boot-time",
16387: "Persistent",
16388: "Not persistent",
16389: "Block",
16390: "Permit",
16391: "Callout",
16392: "MD5",
16393: "SHA-1",
16394: "SHA-256",
16395: "AES-GCM 128",
16396: "AES-GCM 192",
16397: "AES-GCM 256",
16398: "DES",
16399: "3DES",
16400: "AES-128",
16401: "AES-192",
16402: "AES-256",
16403: "Transport",
16404: "Tunnel",
16405: "Responder",
16406: "Initiator",
16407: "AES-GMAC 128",
16408: "AES-GMAC 192",
16409: "AES-GMAC 256",
16416: "AuthNoEncap Transport",
16896: "Enable WMI Account",
16897: "Execute Method",
16898: "Full Write",
16899: "Partial Write",
16900: "Provider Write",
16901: "Remote Access",
16902: "Subscribe",
16903: "Publish",
16904: "AES-GSM-128",
16905: "AES-GSM-256",
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment