Windows事件ID详解

2019-12-30 走过路过 10501 0

AD域用于集中管理用户权限,在公司环境已普遍使用,使用AD域产生的相关日志,如安全事件日志的分析在工作中会经常使用。

Windows安全事件日志详解:官方文档

如下是账户相关的Windows安全事件日志:
4624 An account was successfully logged on
4625 An accunt failed to log on
4634 An account was logged off
4722 A user account was enabled
4738 A user account was changed
4724 An attemp was made to reset an account's password
4720 A user account was created
4726 A user account ws deleted
4767 A user account was unlocked
4740 A user account was locked out
4742 A computer account was changed

全部评论 最新评论 最早评论
还没有用户评论

联系我们

微信公众号
打赏作者