Windows Server 2012 R4 Event Code 4776 blank source workstation

New Contributor

Hello,

 

I am using an Active Directory server with Windows Server 2012 R2 Datacenter.

 

In the Event Viewer of the AD Server, I want to track down logons (succeeded/failed) of users into servers monitored by this AD server.
At the moment, I only see events with code 4776 related to logons, but they lacks information about Source Workstation.
This is an example:

 

"
EventCode=4776
EventType=0
ComputerName=computer.name
SourceName=Microsoft Windows security auditing.
Type=Information
RecordNumber=6697575380
Keywords=Audit Success
TaskCategory=Credential Validation
OpCode=Info
Message=The computer attempted to validate the credentials for an account.

 

 

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: logon-account
Source Workstation: source-workstation
Error Code: 0x0
"

 

To monitor logons on those servers from the Active Controller, what policies should I configure?

0 Replies