System32
Events
Scripts
Codes
GeoIP
Tools
Audit Category
Logon/Logoff
(11)
Account Management
(1)
Audit Subcategory
Other Logon/Logoff Events
(12)
Operating Systems
Windows 2008
(12)
Windows 2008 R2
(12)
Windows 2012
(12)
Windows 2012 R2
(12)
Windows 2016
(12)
Windows 2019
(12)
Windows 10
(10)
Windows 7
(10)
Windows 8
(10)
Windows 8.1
(10)
Windows Vista
(10)
Tags
Domain Controller
(2)
ID
Event Description
4649
A replay attack was detected
4778
A session was reconnected to a Window Station
4779
A session was disconnected from a Window Station
4780
The ACL was set on accounts which are members of administrators groups
4800
The workstation was locked
4801
The workstation was unlocked
4802
The screen saver was invoked
4803
The screen saver was dismissed
4825
A user was denied the access to Remote Desktop. By default, users are allowed to connect only if they are members of the Remote Desktop Users group or Administrators group
5378
The requested credentials delegation was disallowed by policy.
5632
A request was made to authenticate to a wireless network.
5633
A request was made to authenticate to a wired network.