Windows 10: How do I link Event IDs 4660 and 4663?

Discus and support How do I link Event IDs 4660 and 4663? in AntiVirus, Firewalls and System Security to solve the problem; Hello,I have found a Python script that extracts IDs 4660 and 4663 and displays information such as computer name, user name, file and folder name, and... Discussion in 'AntiVirus, Firewalls and System Security' started by Windows.Geek, Feb 23, 2025.

  1. WINDOWS.GEEK
    Windows.Geek Win User

    How do I link Event IDs 4660 and 4663?


    Hello,I have found a Python script that extracts IDs 4660 and 4663 and displays information such as computer name, user name, file and folder name, and time and date for files and folders. I want to know which file or folder was deleted by whom.The problem is that there is no file or folder name in ID 4660 and I need to extract the file or folder name from ID 4663, but how do I link these together? How do I know which ID 4660 is related to which ID 4663? What field is common between these IDs?Thank you.

    :)
     
    Windows.Geek, Feb 23, 2025
    #1
  2. ICY_GALAXY
    Icy_Galaxy Win User

    Windows Event 4660

    Hello Everyone,

    I'm trying actually to create a detection rule with Windows event 4660 to track any deleted object, file, directory or something like that. I know that this event is logged when an object is deleted. I checked that all the advanced audit policies are configured to Success and Failure to be able to collect the events, but when :

    1. I created a new registry key and deleted it after that, event 4660 has not been logged;
    2. I tried to deleted system registry keys but same thing;
    3. I tried to delete files and directories but also same thing.
    I want to know, why this event code is not generated ? Did I miss something or do something wrong ?

    Need your help.

    Thanks in advance.
     
    Icy_Galaxy, Feb 23, 2025
    #2
  3. 6F687AAF-666E-4517-A280-FC0E35B3949B
    6f687aaf-666e-4517-a280-fc0e35b3949b Win User
    Turn Off Auditing Event ID 4663 For Computer Account

    Hello,

    We are trying to reduce log volumes and we have a very noisy computer account that is generating millions of 4663 a day. I cannot for the life of me figure out a way to turn auditing off for this specific account and event. I tried looking in to SACL but
    couldn't find a way to properly do it. If anyone could please help guide me in how to do something like this it would be greatly appreciated.
     
    6f687aaf-666e-4517-a280-fc0e35b3949b, Feb 23, 2025
    #3
  4. REEEELEASEMEE
    rEEEEleaseMEE Win User

    How do I link Event IDs 4660 and 4663?

    Event ID 10016, CLSID and APPID

    Hey, I've been trying to resolve this same dcom issue myself, and I followed the steps you listed @FreeBooter, but when I try to do the last step, I firstly when clicking "edit" get a message saying

    How do I link Event IDs 4660 and 4663? 256765d1574802134t-event-id-10016-clsid-appid-error.png

    And then when I do enter the menu after clicking "ok" on that dialog box, the add button is greyed out.

    I'm 100% certain I followed all the steps correctly. I triple-checked it. But no dice...
     
    rEEEEleaseMEE, Feb 23, 2025
    #4
Thema:

How do I link Event IDs 4660 and 4663?

Loading...

  1. How do I link Event IDs 4660 and 4663? - Similar Threads - link Event IDs

  2. How do I link Event IDs 4660 and 4663?

    in Windows 10 Gaming
    How do I link Event IDs 4660 and 4663?: Hello,I have found a Python script that extracts IDs 4660 and 4663 and displays information such as computer name, user name, file and folder name, and time and date for files and folders. I want to know which file or folder was deleted by whom.The problem is that there is no...

  3. How do I link Event IDs 4660 and 4663?

    in Windows 10 Software and Apps
    How do I link Event IDs 4660 and 4663?: Hello,I have found a Python script that extracts IDs 4660 and 4663 and displays information such as computer name, user name, file and folder name, and time and date for files and folders. I want to know which file or folder was deleted by whom.The problem is that there is no...

  4. A question about Event ID 4660

    in Windows 10 Gaming
    A question about Event ID 4660: Hello,I want to send Windows Event Logs to a Grafana server and analyze it. My goal is to know which file or folder was deleted by whom and on what date and time. The ID for the deleted file or folder is 4660, but this ID does not include the file or folder name.What is the...

  5. A question about Event ID 4660

    in Windows 10 Software and Apps
    A question about Event ID 4660: Hello,I want to send Windows Event Logs to a Grafana server and analyze it. My goal is to know which file or folder was deleted by whom and on what date and time. The ID for the deleted file or folder is 4660, but this ID does not include the file or folder name.What is the...

  6. A question about Event ID 4660

    in AntiVirus, Firewalls and System Security
    A question about Event ID 4660: Hello,I want to send Windows Event Logs to a Grafana server and analyze it. My goal is to know which file or folder was deleted by whom and on what date and time. The ID for the deleted file or folder is 4660, but this ID does not include the file or folder name.What is the...

  7. Windows Event 4660

    in Windows 10 Gaming
    Windows Event 4660: Hello Everyone,I'm trying actually to create a detection rule with Windows event 4660 to track any deleted object, file, directory or something like that. I know that this event is logged when an object is deleted. I checked that all the advanced audit policies are configured...

  8. Windows Event 4660

    in Windows 10 Software and Apps
    Windows Event 4660: Hello Everyone,I'm trying actually to create a detection rule with Windows event 4660 to track any deleted object, file, directory or something like that. I know that this event is logged when an object is deleted. I checked that all the advanced audit policies are configured...

  9. Windows Event 4660

    in AntiVirus, Firewalls and System Security
    Windows Event 4660: Hello Everyone,I'm trying actually to create a detection rule with Windows event 4660 to track any deleted object, file, directory or something like that. I know that this event is logged when an object is deleted. I checked that all the advanced audit policies are configured...

  10. Turn Off Auditing Event ID 4663 For Computer Account

    in Windows 10 Customization
    Turn Off Auditing Event ID 4663 For Computer Account: Hello, We are trying to reduce log volumes and we have a very noisy computer account that is generating millions of 4663 a day. I cannot for the life of me figure out a way to turn auditing off for this specific account and event. I tried looking in to SACL but couldn't...