Windows Security Log Events

Categories:  

Subcategories: (Vista and Win2008 only)  

Category: Logon/Logoff

528 - Successful Logon
529 - Logon Failure - Unknown user name or bad password
530 - Logon Failure - Account logon time restriction violation
531 - Logon Failure - Account currently disabled
532 - Logon Failure - The specified user account has expired
533 - Logon Failure - User not allowed to logon at this computer
534 - Logon Failure - The user has not been granted the requested logon type at this machine
535 - Logon Failure - The specified account's password has expired
536 - Logon Failure - The NetLogon component is not active
537 - Logon failure - The logon attempt failed for other reasons.
538 - User Logoff
539 - Logon Failure - Account locked out
540 - Successful Network Logon
551 - User initiated logoff
552 - Logon attempt using explicit credentials
682 - Session reconnected to winstation
683 - Session disconnected from winstation
4624 - An account was successfully logged on
4625 - An account failed to log on
4634 - An account was logged off
4646 - IKE DoS-prevention mode started.
4647 - User initiated logoff
4648 - A logon was attempted using explicit credentials
4649 - A replay attack was detected
4650 - An IPsec Main Mode security association was established
4651 - An IPsec Main Mode security association was established
4652 - An IPsec Main Mode negotiation failed
4653 - An IPsec Main Mode negotiation failed
4654 - An IPsec Quick Mode negotiation failed
4655 - An IPsec Main Mode security association ended
4672 - Special privileges assigned to new logon
4778 - A session was reconnected to a Window Station
4779 - A session was disconnected from a Window Station
4800 - The workstation was locked
4801 - The workstation was unlocked
4802 - The screen saver was invoked
4803 - The screen saver was dismissed
4964 - Special groups have been assigned to a new logon
4976 - During Main Mode negotiation, IPsec received an invalid negotiation packet.
4977 - During Quick Mode negotiation, IPsec received an invalid negotiation packet.
4978 - During Extended Mode negotiation, IPsec received an invalid negotiation packet.
4979 - IPsec Main Mode and Extended Mode security associations were established.
4980 - IPsec Main Mode and Extended Mode security associations were established
4981 - IPsec Main Mode and Extended Mode security associations were established
4982 - IPsec Main Mode and Extended Mode security associations were established
4983 - An IPsec Extended Mode negotiation failed
4984 - An IPsec Extended Mode negotiation failed
5451 - An IPsec Quick Mode security association was established
5452 - An IPsec Quick Mode security association ended
5453 - An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started
5632 - A request was made to authenticate to a wireless network
5633 - A request was made to authenticate to a wired network
6272 - Network Policy Server granted access to a user
6273 - Network Policy Server denied access to a user
6274 - Network Policy Server discarded the request for a user
6275 - Network Policy Server discarded the accounting request for a user
6276 - Network Policy Server quarantined a user
6277 - Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy
6278 - Network Policy Server granted full access to a user because the host met the defined health policy
6279 - Network Policy Server locked the user account due to repeated failed authentication attempts
6280 - Network Policy Server unlocked the user account

 

Upcoming Webinars
Additional Resources