Windows Security Log Events by Category

Category: Account Logon
Policy: Audit account logon events

look up events by Event ID or Category

Overview:

Microsoft should have named the Audit account logon events policy Audit authentication events. On DCs, the policy tracks all attempts to log on with a domain user account, regardless of where the attempt originates. If you enable this policy on a workstation or member server, it will record any attempts to log on by using a local account stored in that computer’s SAM. ...read more

Save $100 on Security Log Secrets Interactive Edition xzfg

Become a Security Log Expert

with Randy Smith's Security Log Secrets Seminar...

Event ID	OS:	Title:
672	Win2000	Authentication Ticket Granted
	Win2003	Authentication Ticket Request
673	Win2000	Service Ticket Granted
	Win2003	Service Ticket Request
674	Win2000	Ticket Granted Renewed
	Win2003	Service Ticket Renewed
675	Win2000, Win2003, DC	Pre-authentication failed
676	Win2000	Authentication Ticket Request Failed
	Win2003	Authentication Ticket Request Failed
677	Win2000	Service Ticket Request Failed
	Win2003	Service Ticket Request Failed
678	All Versions	Account Mapped for Logon by
679	Win2000	The name: %2 could not be mapped for logon by: %1
680	Win2000	Account Used for Logon by
	Win2003	Logon attempt
681	Win2000	The logon to account: %2 by: %1 from workstation: %3 failed
	Win2003	The logon to account: %2 by: %1 from workstation: %3 failed

Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Sick of LimitLogin? Get UserLock for real logon control

Windows Security Log Events by Category

Category: Account Logon Policy: Audit account logon events

Overview:

Become a Security Log Expert

Additional Links

Category: Account Logon
Policy: Audit account logon events