Understanding Logon Events in the Windows Server 2022 Security Log

Webinar Registration

In this next Security Log Exposed webinar, I will explain how the much-misunderstood Logon/Logoff category of the Windows security log works. First, I’ll explain the difference between logon events and authentication (aka Account Logon) events in Windows. Then I’ll help you interpret these events based on whether you observe them on workstations, member servers or domain controllers.

You will learn about Windows 2022 event IDs 4624, 4625 as well as many more. You will learn how to track logon attempts back to the computer where the user is located and how to interpret the Logon Type and Logon ID fields that appear in some events.

I’ll deal with the issue of anonymous logon events which causes much concern and investigation as well as other “weird” logon events that are sometimes encountered.

I will also explain why you see multiple logon events when a privileged user logs on – it has to do with User Account Control.

This session is sponsored by LOGbinder’s Supercharger for Windows Event Collection and Barry Vista will briefly show you how Supercharger can help you leverage native Windows Event Forwarding to aggregation logs without installing an agent on every endpoint.

This will be a technical, real training for free session so don’t miss it!

First Name:   
Last Name:   
Work Email:  
Job Title:  
How long have you been using native Windows Event Collection in production?:
How many Windows servers in your organization? :
How many Windows workstations in your organization?:

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Upcoming Webinars
    Additional Resources