Windows Security Log Event ID 4797
Operating Systems Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Account Management
 • User Account Management
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 4797
Ask a question about this event

4797: An attempt was made to query the existence of a blank password for an account

On this page

There is a lot of confusion about this event and no good explanation. If you see this event for many different target account names I would investigate. Or if you see this event on many different systems where caller workstation name is the same. Otherwise ignore.

Top 10 Windows Security Events to Monitor

An attempt was made to query the existence of a blank password for an account.

Subject:
    Security ID:    %1
    Account Name:   %2
    Account Domain: %3
    Logon ID:       %4

Additional Information:
    Caller Workstation:    %5
    Target Account Name:   %6
    Target Account Domain: %7

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log