WinSecWiki > Security Settings > Advanced Audit Policies > Account Logon > Other Account Logon Events

Audit Other Account Logon Events

This category is a dumping ground for authentication events of the Account Logon category that don't fit in the other subcategories. To configure this on Server 2008 and Vista you must use auditpol. Windows 7 and Server 2008 R2 and later can use Group PolicyCoverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID Title
4774 An account was mapped for logon.
4775 An account could not be mapped for logon.
4777 The domain controller failed to validate the credentials for an account.
4782 The password hash an account was accessed.

Back to top

 

Additional Resources