Object Access Event: 4818

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Object Access Event: 4818

Event ID 4818 – Proposed Central Access Policy Does Not Grant The Same Access Permissions As The Current Central Access Policy

Event ID 4818
Category Object Access: Central Policy Staging
Type Success Audit
Description Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.

When Dynamic Access Control Proposed Central Access Policy is enabled but access is not granted by Proposed Central Access Policy, event 4818 is logged.

This log data provides the following information:

  • Security ID
  • Account Name
  • Account Domain
  • Logon ID
  • Object Server
  • Object Type
  • Object Name
  • Handle ID
  • Process ID
  • Process Name
  • Access Reasons

Why does event ID 4818 need to be monitored?

Event ID 4818 is primarily monitored to help with testing and troubleshooting of Proposed Central Access Policies for Dynamic Access Control.

Event 4818 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10