blacklist an event id 4670 with task category: Aut...

nathanpyun · ‎10-23-2015

Hi, I am trying to blacklist an event id 4670 with task category: Authorization Policy Change

I've tried:

blacklist 1 = EventCode="4670" Task_Category="Authorization Policy Change"

blacklist 1 = EventCode="4670" TaskCategory="Authorization Policy Change"

blacklist 1 = EventCode="4670" Task_Category="s+Authorization Policy Change"

but none works....can someone please tell me what I am doing wrong?

Thank you in advance.

Richfez · ‎10-23-2015

According to the docs (and from experience), it'll be "TaskCategory". If the TaskCategory is exactly "Authorization Policy Change" (which google says is likely, then number 2 should have worked. Of course, there's the space issue, which may be real or may just be the editor. I'm going to assume it's a copy and paste and thus the space is a problem. So, your blacklist should be

blacklist1 = EventCode="4670" TaskCategory="Authorization Policy Change"

I don't have any of those events in my logs, so if it doesn't work, please confirm that's exactly the right TaskCategory String.

Richfez · ‎10-23-2015

Please check blacklist1 has no space in it.

blacklist an event id 4670 with task category: Authorization Policy Change

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Join the Conversation

blacklist an event id 4670 with task category: Authorization Policy Change

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?