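Windows Event IDs Explained
AD domains are used to centrally manage user permissions and are widely deployed in corporate environments. The logs an AD domain generates, such as security event logs, are analyzed frequently in day-to-day work.
Windows security event logs in detail: official documentation
The following are the account-related Windows security event log entries: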
4624 An account was successfully logged on
4625 An account failed to log on
4634 An account was logged off
4722 A user account was enabled
4738 A user account was changed
4724 An attempt was made to reset an account's password
4720 A user account was created
4726 A user account was deleted
4767 A user account was unlocked
4740 A user account was locked out
4742 A computer account was changed