Microsoft-Windows-Security-Adminless

1 event across 1 channel

Event ID 1: Access to a resource would have been denied if run with the adminless restriction at FailureTime (StackHash: StackHash).

Provider: Microsoft-Windows-Security-Adminless
Channel: Operational
Task: AccessFailure

Description

Access to a resource would have been denied if run with the adminless restriction at FailureTime (StackHash: StackHash).

Message

Access to a resource would have been denied if run with the adminless restriction at %1 (StackHash: %2).

Fields

Name         Description
FailureTime  FILETIME
StackHash    HexInt32

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID ea216962-877b-5b73-f7c5-8aef5375959e

Defined in Microsoft-Windows-System-Events.dll, which carries the event manifest.

Observed on:

  • WS2022-20348.4893 · schema read from the registered manifest · binary version 10.0.20348.3932 · captured 2026-06-02

Credits

  • Microsoft - authored the ETW manifests and PDBs the schema comes from
  • jdu2600 - the event-schema TSV format this catalog adopted
  • nasbench - the tool that dumps registered providers and manifests