SQL Server Audit Action Group: SERVER_OBJECT_CHANGE_GROUP

Available in		New to:
Database Audit Specification	Server Audit Specification	2012	2016
	•

This group tracks creation, changes and deletions of "server objects". We are unsure of what constitutes a "server object", but apparently this includes server master keys, server credentials and cryptographic providers.

LOGbinder for SQL Server events generated under this Audit Action Group:

Event ID	Description
24058	Issued a create server object command
24059	Issued a change server object command
24060	Issued a delete server object command
24061	Issued a create server setting command
24062	Issued a change server setting command
24063	Issued a delete server setting command
24064	Issued a create server cryptographic provider command
24065	Issued a delete server cryptographic provider command
24066	Issued a change server cryptographic provider command
24067	Issued a create server credential command
24068	Issued a delete server credential command
24069	Issued a change server credential command
24070	Issued a change server master key command
24071	Issued a back up server master key command
24072	Issued a restore server master key command
24073	Issued a map server credential to login command
24074	Issued a remove map between server credential and login command

Upcoming Webinars

Additional Resources

Audit Policy

•	Server Audit Specification
•	Database Audit Specification
•	Audit Action Groups
•	Audit Actions
•	Audit Policy Wizard

User name:
Password:
	/ Forgot?
	Register

June 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days and 11 Critical Updates " - sponsored by LOGbinder and Supercharger

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.