| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 565 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 564 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 563 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\N-H2-758944-1$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 562 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed Registry Extension Processing in 31 milliseconds. | 5016 | 0 | | 4 | 0 | 2 | 4611686018427387904 | 561 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 560 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 559 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 558 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 557 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting Registry Extension Processing.
List of applicable Group Policy objects: (Changes were detected.)
Local Group Policy
| 4016 | 0 | | 4 | 0 | 1 | 4611686018427387904 | 556 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 555 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 554 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 553 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 552 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 551 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 550 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 549 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 548 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 547 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 546 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 545 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 544 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\N-H2-758944-1$.
Activity id: {3EC48E92-BDD7-47C3-B676-959416162B31} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 543 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | 3ec48e92-bdd7-47c3-b676-959416162b31 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 542 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 3620 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 541 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2892 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:22 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: aa6908b4-a26e-4bc0-88fc-68f4ee153bad | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 540 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 900 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 539 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 900 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 538 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 900 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 537 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 900 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 536 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 900 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 535 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2024 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:11 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 534 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 588 | 2024 | n-h2-758944-1 | S-1-5-18 | 10/21/2020 6:05:10 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 533 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 928 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:04:42 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 532 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 544 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:04:42 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 2759d894-f766-4829-8a6e-d726db6bca40 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 531 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 800 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 530 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 800 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 529 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 800 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 528 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 800 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 527 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 800 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:47 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 526 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 1484 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:47 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 525 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 532 | 1484 | WIN-5T344G8GM1H | S-1-5-18 | 10/21/2020 6:03:47 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 524 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1440 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:13 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 523 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 980 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:13 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 522 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 672 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 521 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 520 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 3048 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:33 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 519 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 3048 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:33 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 518 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 517 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 516 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 515 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 514 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 513 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 512 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 511 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 510 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 509 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 508 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 507 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 506 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 505 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {523F618F-A541-4753-A681-3C0B79DB800A} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 504 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 523f618f-a541-4753-a681-3c0b79db800a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 503 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 502 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 501 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 500 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 499 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2072 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed manual processing of policy for computer WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8004 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 498 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed Registry Extension Processing in 15 milliseconds. | 5016 | 0 | | 4 | 0 | 2 | 4611686018427387904 | 497 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting Registry Extension Processing.
List of applicable Group Policy objects: (Changes were detected.)
Local Group Policy
| 4016 | 0 | | 4 | 0 | 1 | 4611686018427387904 | 496 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 495 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 494 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 493 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 492 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 491 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 490 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 489 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 488 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 487 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Background. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 486 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting manual processing of policy for computer WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {9663586B-26CE-4E7F-A115-7420EF71DDF6} | 4004 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 485 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2552 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | 9663586b-26ce-4e7f-a115-7420ef71ddf6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 484 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 483 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 482 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 481 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 480 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 479 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 478 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 477 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 476 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 475 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 474 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 473 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {E1363503-0E2F-45F8-B60E-F5C745BC2310} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 472 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | e1363503-0e2f-45f8-b60e-f5c745bc2310 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 471 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 470 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1376 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 469 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1376 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 468 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1376 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 17681e6a-4ec2-473c-afdb-140f3267c9cb | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 467 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 466 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 465 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 464 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 463 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 462 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 461 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 976 | 1240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:29 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 460 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:40:27 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 459 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 960 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:40:27 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 458 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:40:27 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 457 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2760 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:40:27 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 456 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2776 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:19 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 455 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2776 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:19 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 454 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 453 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 452 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 451 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 450 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 449 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 448 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 447 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 446 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 445 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 444 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 443 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 442 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 441 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {19830159-0802-4690-81DF-314FC75BBEC1} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 440 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | 19830159-0802-4690-81df-314fc75bbec1 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 439 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 438 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 372 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 437 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 436 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 435 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed manual processing of policy for computer WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8004 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 434 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed Registry Extension Processing in 32 milliseconds. | 5016 | 0 | | 4 | 0 | 2 | 4611686018427387904 | 433 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting Registry Extension Processing.
List of applicable Group Policy objects: (Changes were detected.)
Local Group Policy
| 4016 | 0 | | 4 | 0 | 1 | 4611686018427387904 | 432 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 431 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 430 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 429 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 428 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 427 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 426 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 425 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 424 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 423 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Background. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 422 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting manual processing of policy for computer WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A} | 4004 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 421 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | 96fb381f-0cd5-4b08-b375-7d41e6d4bd5a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 420 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 419 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 418 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 417 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed Registry Extension Processing in 16 milliseconds. | 5016 | 0 | | 4 | 0 | 2 | 4611686018427387904 | 416 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 415 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 414 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 413 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting Registry Extension Processing.
List of applicable Group Policy objects: (Changes were detected.)
Local Group Policy
| 4016 | 0 | | 4 | 0 | 1 | 4611686018427387904 | 412 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 411 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 410 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 409 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 408 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 407 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 406 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 405 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 404 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 403 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 402 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 401 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 400 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 399 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {FD8B735D-48A5-4AFF-82A0-4530749B9C93} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 398 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | fd8b735d-48a5-4aff-82a0-4530749b9c93 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 397 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 396 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 2aee4e0b-fb00-4527-adc4-e481e4d19dcd | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 395 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 394 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 393 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 392 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 391 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 390 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1252 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 389 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1252 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:15 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 388 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 3324 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:59 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 387 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 972 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:59 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 3bfff0c0-0165-424d-b905-a307b3220abe | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 386 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 320 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 385 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 320 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 384 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 320 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 383 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 320 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 382 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 320 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 381 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 1240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 380 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 968 | 1240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 379 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 3144 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:19 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 378 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 960 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:19 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 377 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1996 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 376 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:18 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 375 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:05 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 374 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:05 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 373 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 372 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 371 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 370 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 369 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 368 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 367 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 366 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 365 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 364 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 363 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 362 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 361 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 360 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {916D7BC6-7539-48F2-9F9E-92FDF76145FA} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 359 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | 916d7bc6-7539-48f2-9f9e-92fdf76145fa | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 358 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 357 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 356 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 355 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 354 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2780 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:04 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 353 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 352 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 351 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 350 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 349 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 348 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 347 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 346 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 345 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 344 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 343 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 342 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 341 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 340 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 339 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {FB64062E-023F-45C2-95F3-82A8FD38A036} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 338 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | fb64062e-023f-45c2-95f3-82a8fd38a036 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 337 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 336 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 335 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 2964 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 334 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 55f227a2-e54b-46f6-a36f-59838b5d3374 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 333 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 332 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 331 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 330 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 329 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 724 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 328 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 327 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 956 | 1260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 326 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 3520 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 325 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1184 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 324 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2516 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 323 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2444 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:22:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 322 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2044 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 321 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2044 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 320 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 319 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 318 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 317 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 316 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 315 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 314 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 313 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 312 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 311 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 310 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 309 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 308 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 307 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {16838B39-BD55-4D5F-A3E3-5D47A754DEB8} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 306 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | 16838b39-bd55-4d5f-a3e3-5d47a754deb8 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 305 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 304 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2804 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 303 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 302 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 301 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 2504 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:50 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 300 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 299 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 298 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 297 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 296 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 295 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 294 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 293 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 292 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 291 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 290 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 289 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {EF9DC327-237A-498F-A234-5DD260AC2188} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 288 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | ef9dc327-237a-498f-a234-5dd260ac2188 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 287 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 286 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 285 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1832 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 284 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1420 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:49 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 1bab69f4-e4b0-4881-969a-4be66736ab81 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 283 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 282 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 281 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 280 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 279 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 278 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1232 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 277 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1180 | 1232 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:48 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 276 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 3720 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:39 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 275 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1196 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:39 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 274 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:39 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 273 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2652 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:39 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 272 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1484 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:56 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 271 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1484 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:56 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 270 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 269 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 268 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 267 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 266 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 265 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 264 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 263 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 262 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 261 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 260 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 259 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 258 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 257 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {45025C4D-6F9D-4B05-92B5-93A82391A3DE} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 256 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | 45025c4d-6f9d-4b05-92b5-93a82391a3de | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 255 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 254 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2816 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 253 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 252 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 251 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 250 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 249 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 248 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 247 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 246 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 245 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 244 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 243 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 242 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 241 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 240 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 239 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 238 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 237 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {A33A2B8C-390A-413D-8B21-12F16046F44F} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 236 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | a33a2b8c-390a-413d-8b21-12f16046f44f | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 235 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 234 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 233 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 232 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2128 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 231 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 2632 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:54 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: c59c478f-2ba4-4b8b-9216-af0e61f55471 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 230 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 229 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 228 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 227 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 226 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1412 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 225 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1288 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 224 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1192 | 1288 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:50:02 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 223 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 772 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:57 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 222 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 968 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:57 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 221 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:56 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 220 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:45:56 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 219 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1564 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 218 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1564 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 217 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 216 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 215 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 214 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 213 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 212 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 211 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 210 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 209 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 208 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 207 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 206 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 205 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 204 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {65CB5132-E893-416B-A63D-2BA652D6D6C6} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 203 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | 65cb5132-e893-416b-a63d-2ba652d6d6c6 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 202 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 201 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 3028 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 200 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 199 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 198 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:01 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 197 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 196 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 195 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 194 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 193 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 192 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 191 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 190 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 189 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 188 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 187 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 186 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 185 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 184 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {ED5A8EC3-2E31-4880-B3CC-3D038F81C4A4} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 183 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | ed5a8ec3-2e31-4880-b3cc-3d038f81c4a4 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 182 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 181 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 2316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:00 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 7ec6f95f-ca51-46fd-b628-91606dc57360 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 180 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 88 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 179 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 88 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 178 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 88 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 177 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 88 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 176 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 88 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 175 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1176 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 174 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 964 | 1176 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:23:55 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 173 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1664 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:44:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 172 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1180 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:44:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 171 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 3168 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:44:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 170 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1724 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:44:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 169 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2384 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 168 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2384 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 167 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 166 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 165 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 164 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 163 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 162 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 161 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 160 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 159 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 158 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 157 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 156 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 155 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 154 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {F99EA46F-75FC-4CE4-8726-97FC03D1B568} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 153 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | f99ea46f-75fc-4ce4-8726-97fc03d1b568 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 152 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 151 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1692 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 150 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 149 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 148 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:02 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 147 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 146 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 145 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 144 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 143 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 142 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 141 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 140 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 139 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 138 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 137 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 136 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 135 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 134 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 133 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {FA8F8E72-590E-4AE5-9C6C-7D5C9F473623} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 132 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | fa8f8e72-590e-4ae5-9c6c-7d5c9f473623 | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 131 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 130 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 129 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2728 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 128 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:07:01 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 3b55a67b-bb51-4c33-a51f-c935146e1612 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 127 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1392 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 126 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1392 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 125 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1392 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 124 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1392 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 123 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1392 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 122 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1316 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 121 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1176 | 1316 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:24 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 120 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3660 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:02:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 119 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1156 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:02:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 118 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 5108 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:02:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 117 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 5108 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:02:38 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 116 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:07 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 115 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2472 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:07 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 114 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 113 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 112 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 111 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 110 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 109 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 108 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 107 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 106 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 105 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 104 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 103 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 102 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 101 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {B40A7D2E-EE0B-4AFD-8EF4-53A4B91BD98D} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 100 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | b40a7d2e-ee0b-4afd-8ef4-53a4b91bd98d | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 99 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 98 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2784 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 97 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 96 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 95 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:06 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 94 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 93 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 92 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 91 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 90 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 89 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 88 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 87 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 86 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 85 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 84 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 83 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 82 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 81 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 80 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 79 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 78 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {280DA8C2-EAC4-4740-9F29-D442B4641CDA} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 77 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | 280da8c2-eac4-4740-9f29-d442b4641cda | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 76 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 3056 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 75 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 2400 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:05 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: ad8eaacf-9ac8-4b59-9d35-13bd21983404 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 74 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 73 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 72 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 71 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 70 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1364 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 69 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1276 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 68 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 1152 | 1276 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 67 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 6040 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:50 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 66 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:50 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logoff from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 65 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1564 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:49 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification EndShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 64 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 932 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:49 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon Start Shell handling completed. | 6339 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 63 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 2368 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification StartShell from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 62 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 2368 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 61 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 60 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 59 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed user logon policy processing for WIN-5T344G8GM1H\Administrator in 0 seconds. | 8001 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 58 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed Registry Extension Processing in 16 milliseconds. | 5016 | 0 | | 4 | 0 | 2 | 4611686018427387904 | 57 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 56 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 55 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 54 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting Registry Extension Processing.
List of applicable Group Policy objects: (Changes were detected.)
Local Group Policy
| 4016 | 0 | | 4 | 0 | 1 | 4611686018427387904 | 53 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 52 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 51 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 50 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
None | 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 49 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
Local Group Policy
| 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 48 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 47 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 46 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 45 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 44 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 43 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting user logon Policy processing for WIN-5T344G8GM1H\Administrator.
Activity id: {822AD6C6-A4A6-4A78-B264-65E46A20EFBB} | 4001 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 42 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | 822ad6c6-a4a6-4a78-b264-65e46a20efbb | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 41 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 40 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3756 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 39 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 38 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification Logon from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 37 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session completed successfully. | 5117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 36 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 35 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 2872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 34 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 2872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Completed computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$ in 0 seconds. | 8000 | 1 | | 4 | 0 | 2 | 4611686018427387904 | 33 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished checking for non-system extensions. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 32 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service configuration update to standalone is not required and will be skipped. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 31 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Checking for Group Policy client extensions that are not part of the system. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 30 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following Group Policy objects were not applicable because they were filtered out :
Local Group Policy
Not Applied (Empty)
| 5313 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 29 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| List of applicable Group Policy objects:
None | 5312 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 28 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy successfully got applicable GPOs from the domain controller. | 5126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 27 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed downloading policies. | 5257 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 26 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy receiving applicable GPOs from the domain controller. | 4126 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 25 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The loopback policy processing mode is "No loopback mode". | 5311 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 24 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 23 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 2872 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy processing mode is Foreground synchronous. | 5340 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 22 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting computer boot policy processing for WORKGROUP\WIN-5T344G8GM1H$.
Activity id: {227CEB83-33CD-4922-AED0-D222BC464B1A} | 4000 | 1 | | 4 | 0 | 1 | 4611686018427387904 | 21 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | 227ceb83-33cd-4922-aed0-d222bc464b1a | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group policy session returned to winlogon. | 5351 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 20 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Winlogon status reporting has completed. | 6338 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 19 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Session started. | 4117 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 18 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 3492 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received the notification CreateSession from Winlogon for session 1. | 5324 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 17 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1948 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: 3dbc3a1f-1e0f-497f-bf39-81527fa03b67 | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 16 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1532 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:59 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 15 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1532 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:59 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 14 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1532 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:59 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 13 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1532 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:59 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 12 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1532 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:58 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 11 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1732 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:58 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 10 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 924 | 1732 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:01:58 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service stopped. | 5115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 9 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 2760 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 9:01:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy received Preshutdown notification from Service Control Manager. | 5325 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 8 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 920 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 9:01:40 AM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A previous instance of the Group Policy Client Service was detected. Parameter: e9a66211-b3b2-4290-a071-282831c76b8b | 5321 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 7 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 944 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing service instance state to detect previous instances of the service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 6 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 944 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Initializing and reading current service configuration for the Group Policy Client service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 5 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 944 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service is currently configured as a shared service. | 5320 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 4 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 944 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully completed the Group Policy Service initialization phase. | 5116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 3 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 944 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Group Policy Service started. | 4115 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 2 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 1452 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started the Group Policy service initialization phase. | 4116 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 1 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | Microsoft-Windows-GroupPolicy/Operational | 916 | 1452 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:14 PM | | | microsoft-windows-grouppolicy/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |