cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Server 2012 R4 Event Code 4776 blank source workstation

f0cus_13
Copper Contributor

‎May 09 2022 10:35 AM

‎May 09 2022 10:35 AM

Windows Server 2012 R4 Event Code 4776 blank source workstation

Hello,

 

I am using an Active Directory server with Windows Server 2012 R2 Datacenter.

 

In the Event Viewer of the AD Server, I want to track down logons (succeeded/failed) of users into servers monitored by this AD server.
At the moment, I only see events with code 4776 related to logons, but they lacks information about Source Workstation.
This is an example:

 

"
EventCode=4776
EventType=0
ComputerName=computer.name
SourceName=Microsoft Windows security auditing.
Type=Information
RecordNumber=6697575380
Keywords=Audit Success
TaskCategory=Credential Validation
OpCode=Info
Message=The computer attempted to validate the credentials for an account.

 

 

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: logon-account
Source Workstation: source-workstation
Error Code: 0x0
"

 

To monitor logons on those servers from the Active Controller, what policies should I configure?

702 Views
0 Likes
0 Replies
Reply
0 Replies