Windows Security Log Events
Category: Account Management
Subcategory: User Account Management
Source   Event ID  Description
Windows  4720      A user account was created
Windows  4722      A user account was enabled
Windows  4723      An attempt was made to change an account's password
Windows  4724      An attempt was made to reset an account's password
Windows  4725      A user account was disabled
Windows  4726      A user account was deleted
Windows  4738      A user account was changed
Windows  4740      A user account was locked out
Windows  4765      SID History was added to an account
Windows  4766      An attempt to add SID History to an account failed
Windows  4767      A user account was unlocked
Windows  4780      The ACL was set on accounts which are members of administrators groups
Windows  4781      The name of an account was changed
Windows  4794      An attempt was made to set the Directory Services Restore Mode administrator password
Windows  4797      An attempt was made to query the existence of a blank password for an account
Windows  4798      A user's local group membership was enumerated
Windows  5376      Credential Manager credentials were backed up
Windows  5377      Credential Manager credentials were restored from a backup