Microsoft-Windows-LUA

45 events across 2 channels

Event ID	Title	Channel
15001		Diagnostic
15002		Diagnostic
15003		Diagnostic
15004		Diagnostic
15005		Diagnostic
15006		Diagnostic
15007		Diagnostic
15008		Diagnostic
15009		Diagnostic
15010		Diagnostic
15011		Diagnostic
15012		Diagnostic
15013		Diagnostic
15014		Diagnostic
15015		Diagnostic
15016		Diagnostic
15017		Diagnostic
15018		Diagnostic
15019		Diagnostic
15020		Diagnostic
15021		Diagnostic
15022		Diagnostic
15023		Diagnostic
15024		Diagnostic
15025		Diagnostic
15026		Diagnostic
15027		Diagnostic
15028		Diagnostic
15029		Diagnostic
15030		Diagnostic
15031		Diagnostic
15031	Success: Elevation prompt for executable FullCommandLine (ProgramName published …	Elevation
15032		Diagnostic
15032	Elevation prompt for executable FullCommandLine (ProgramName published by …	Elevation
16001		Diagnostic
16002		Diagnostic
16003		Diagnostic
16004		Diagnostic
16005		Diagnostic
16006		Diagnostic
16007		Diagnostic
16008		Diagnostic
16009		Diagnostic
16010		Diagnostic
16011		Diagnostic

Event ID 15001 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_GetUserDesktopSnapshot
Opcode: Start

Event ID 15002 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_GetUserDesktopSnapshot
Opcode: Stop

Event ID 15003 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Start

Event ID 15004 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Stop

Event ID 15005 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread

Event ID 15006 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_SwitchDesktop
Opcode: Start

Event ID 15007 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_SwitchDesktop
Opcode: Stop

Event ID 15008 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_ReturnUserDesktop
Opcode: Start

Event ID 15009 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_ReturnUserDesktop
Opcode: Stop

Event ID 15010 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Start

Event ID 15011 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Stop

Event ID 15012 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_CheckActiveDesktop
Opcode: Start

Event ID 15013 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_CheckActiveDesktop
Opcode: Stop

Event ID 15014 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_CheckActiveDesktop
Opcode: Start

Event ID 15015 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_CheckActiveDesktop
Opcode: Stop

Event ID 15016 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Start

Event ID 15017 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Stop

Event ID 15018 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Start

Event ID 15019 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Stop

Event ID 15020 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Start

Event ID 15021 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_WindowThread
Opcode: Stop

Event ID 15022 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Start

Event ID 15023 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Stop

Event ID 15024 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Start

Event ID 15025 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Stop

Event ID 15026 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Start

Event ID 15027 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_Experience
Opcode: Stop

Event ID 15028 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_LEASVC

Fields #

Name	Description
`Parameters` Pointer	—

Event ID 15029 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_AMScan
Opcode: Start

Event ID 15030 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: ConsentUI_AMScan
Opcode: Stop

Event ID 15031 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: CredUI_Elevation

Description

Success: Elevation prompt for executable ( published by ) answered by , will elevate as .

Fields #

Name	Description
`ProgramName` UnicodeString	—
`Publisher` UnicodeString	—
`FullCommandLine` UnicodeString	—
`UserName` UnicodeString	—
`ShadowAdmin` UnicodeString	—
`ShadowAdminSID` UnicodeString	—
`ReturnCode` UInt32	—
`ReturnMessage` UnicodeString	—

Event ID 15031 — Success: Elevation prompt for executable FullCommandLine (ProgramName published by Publisher) answered by UserName, will elevate as ShadowAdmin.

Provider: Microsoft-Windows-LUA
Channel: Elevation
Task: CredUI_Elevation

Description

Success: Elevation prompt for executable FullCommandLine (ProgramName published by Publisher) answered by UserName, will elevate as ShadowAdmin.

Message #

Success: Elevation prompt for executable %3 (%1 published by %2) answered by %4, will elevate as %5.

Fields #

Name	Description
`ProgramName` UnicodeString	—
`Publisher` UnicodeString	—
`FullCommandLine` UnicodeString	—
`UserName` UnicodeString	—
`ShadowAdmin` UnicodeString	—
`ShadowAdminSID` UnicodeString	—
`ReturnCode` UInt32	—
`ReturnMessage` UnicodeString	—

Event ID 15032 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: CredUI_Elevation_Failure

Description

Elevation prompt for executable ( published by ) answered by . Error : .

Fields #

Name	Description
`ProgramName` UnicodeString	—
`Publisher` UnicodeString	—
`FullCommandLine` UnicodeString	—
`UserName` UnicodeString	—
`ShadowAdmin` UnicodeString	—
`ShadowAdminSID` UnicodeString	—
`ReturnCode` UInt32	—
`ReturnMessage` UnicodeString	—

Event ID 15032 — Elevation prompt for executable FullCommandLine (ProgramName published by Publisher) answered by UserName.

Provider: Microsoft-Windows-LUA
Channel: Elevation
Task: CredUI_Elevation_Failure

Description

Elevation prompt for executable FullCommandLine (ProgramName published by Publisher) answered by UserName. Error ReturnCode: ReturnMessage.

Message #

Elevation prompt for executable %3 (%1 published by %2) answered by %4. Error %7: %8.

Fields #

Name	Description
`ProgramName` UnicodeString	—
`Publisher` UnicodeString	—
`FullCommandLine` UnicodeString	—
`UserName` UnicodeString	—
`ShadowAdmin` UnicodeString	—
`ShadowAdminSID` UnicodeString	—
`ReturnCode` UInt32	—
`ReturnMessage` UnicodeString	—

Event ID 16001 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Start

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16002 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16003 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Start

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16004 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16005 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Start

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16006 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16007 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Start

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16008 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16009 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16010 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Start

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—

Event ID 16011 —

Provider: Microsoft-Windows-LUA
Channel: Diagnostic
Task: AppInfo_PerfTrack_ElevationPath
Opcode: Stop

Fields #

Name	Description
`EventId` UInt32	—
`UACElevateFileID` UnicodeString	—