2018-4-16 Note Microsoft does not support manually or programmatically altering the SAM database. User authentication by using the MSV10 authentication package Windows uses the LsaLogonUser API for all kinds of user authentications. The LsaLogonUser API authenticates users by calling an authentication package.
-->
Applies to
Subcategory:Audit Credential Validation
Event Description:
This event generates every time that a credential validation occurs using NTLM authentication.
This event occurs only on the computer that is authoritative for the provided credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.
![]()
It shows successful and unsuccessful credential validation attempts.
It shows only the computer name (Source Workstation) from which the authentication attempt was performed (authentication source). For example, if you authenticate from CLIENT-1 to SERVER-1 using a domain account you will see CLIENT-1 in the Source Workstation field. Information about the destination computer (SERVER-1) is not presented in this event.
If a credential validation attempt fails, you will see a Failure event with Error Code parameter value not equal to “0x0”.
The main advantage of this event is that on domain controllers you can see all authentication attempts for domain accounts when NTLM authentication was used.
For monitoring local account logon attempts, it is better to use event “4624: An account was successfully logged on” because it contains more details and is more informative.
This event also generates when a workstation unlock event occurs.
This event does not generate when a domain account logs on locally to a domain controller. Get microsoft publisher on mac.
Note Is the an upgrade for microsoft office for mac. For recommendations, see Security Monitoring Recommendations for this event.
Event XML:
Required Server Roles: no specific requirements.
Minimum OS Version: Windows Server 2008, Windows Vista.
Event Versions: 0.
Field Descriptions:
NoteAuthentication package is a DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. Local Security Authority (LSA) authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt.
Table 1. Winlogon Error Codes.
Google Authenticator Apk![]() Security Monitoring Recommendations
For 4776(S, F): The computer attempted to validate the credentials for an account.
Microsoft_authentication_package_v1_0 Mac Download
Comments are closed.
|