Event ID 1502 — The Group Policy settings for the computer were processed successfully.

Provider: Microsoft-Windows-GroupPolicy
Channel: System
Level: Informational
Opcode: Start

Description

The Group Policy settings for the computer were processed successfully. New settings from NumberOfGroupPolicyObjects Group Policy objects were detected and applied.

Message #

The Group Policy settings for the computer were processed successfully. New settings from %6 Group Policy objects were detected and applied.

Fields #

Name	Description
`SupportInfo1` UInt32	—
`SupportInfo2` UInt32	—
`ProcessingMode` UInt32	—
`ProcessingTimeInMilliseconds` UInt32	—
`DCName` UnicodeString	—
`NumberOfGroupPolicyObjects` UInt32	Number of Group Policy objects that were processed

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-GroupPolicy",
    "guid": "AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9",
    "event_source_name": "",
    "event_id": 1502,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-05T23:49:58.052759+00:00",
    "event_record_id": 2033,
    "correlation": {
      "ActivityID": "AA63BEC0-3996-4133-A97D-DB5DB9617FF3"
    },
    "execution": {
      "process_id": 8540,
      "thread_id": 9876
    },
    "channel": "System",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "SupportInfo1": 1,
    "SupportInfo2": 4195,
    "ProcessingMode": 0,
    "ProcessingTimeInMilliseconds": 906,
    "DCName": "",
    "NumberOfGroupPolicyObjects": 1
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline
Windows Forensic Artifacts https://github.com/Psmths/windows-forensic-artifacts/blob/main/group-policy/evtx-1502-computer-gpo-success.md