Group Policy Management

3 events across 1 channel

Event ID	Title	Channel
2001		Application
2005		Application
2007		Application

Event ID 2001 —

Provider: Group Policy Management
Channel: Application
Level: Informational

Fields #

Name	Description
`Data_0`	—
`Data_1`	—
`Data_2`	—
`Data_3`	—
`Data_4`	—
`Data_5`	—
`Data_6`	—
`Data_7`	—
`Data_8`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Group Policy Management",
    "guid": "",
    "event_source_name": "",
    "event_id": 2001,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T22:15:51.396459+00:00",
    "event_record_id": 4026,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Data_0": "C:\\Users\\domainadmin\\AppData\\Local\\Temp\\1\\ipamprov",
    "Data_1": "{09673450-4573-42E8-85D0-104144DF0BA3}",
    "Data_2": "IPAMGPO_DNS",
    "Data_3": "IPAMGPO_DNS",
    "Data_4": "{7F345996-1D92-4194-85BF-72BFB5298EDA}",
    "Data_5": "ipamtestsetup.com",
    "Data_6": "IPAMLAB_DNS",
    "Data_7": "{7D9B7EEE-20A5-4D05-9373-7611063BE5E5}",
    "Data_8": "ludus.domain",
    "Binary": ""
  },
  "message": ""
}

Event ID 2005 —

Provider: Group Policy Management
Channel: Application
Level: Informational

Fields #

Name	Description
`Data_0`	—
`Data_1`	—
`Data_2`	—
`Data_3`	—
`Data_4`	—
`Data_5`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Group Policy Management",
    "guid": "",
    "event_source_name": "",
    "event_id": 2005,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T23:05:16.532290+00:00",
    "event_record_id": 4207,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Data_0": "C:\\Users\\domainadmin\\Desktop\\automaton\\GPO_Backups",
    "Data_1": "{49CEFE4D-0DBB-4F8C-A5AA-0CD112C798A0}",
    "Data_2": "",
    "Data_3": "TestGPO_Registry",
    "Data_4": "{8a888aca-8c2e-4c5c-bc8a-a61fedb6f877}",
    "Data_5": "ludus.domain",
    "Binary": ""
  },
  "message": ""
}

Event ID 2007 —

Provider: Group Policy Management
Channel: Application
Level: Informational

Fields #

Name	Description
`Data_0`	—
`Data_1`	—
`Data_2`	—
`Data_3`	—
`Data_4`	—
`Data_5`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Group Policy Management",
    "guid": "",
    "event_source_name": "",
    "event_id": 2007,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T23:05:12.447018+00:00",
    "event_record_id": 4205,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Data_0": "TestGPO_Registry",
    "Data_1": "{8A888ACA-8C2E-4C5C-BC8A-A61FEDB6F877}",
    "Data_2": "ludus.domain",
    "Data_3": "TestGPO_Registry",
    "Data_4": "{B375F45E-5856-4F94-9C23-7824A555AFEF}",
    "Data_5": "ludus.domain",
    "Binary": ""
  },
  "message": ""
}