Useful Event Viewer IDs
These are some useful Windows Event Viewer IDs, you can use for searching specific events.
| Event ID | Description |
|---|---|
| 4624 | A user account has logged on |
| 4625 | A user account failed to log on |
| 4672 | Special privileges (i.e. SeTcbPrivilege) have been assigned to a user |
| 4768 | A TGT (Kerberos) ticket was requested for a high-privileged account |
-eof-
This post is licensed under CC BY 4.0 by the author.