Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×
 
Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Study

Blogs and articles on auditing, security, and compliance
 

Windows Event ID 4624- Successful logon

Event ID 4624 (viewed in Windows Event Viewer) documents every successful attempt at logging on to a local computer. This event is generated on the computer that was accessed, in other words, where the logon session was created. A related event, Event ID 4625, documents failed logon attempts. More…

Windows Event ID 4625- Failed logon

Event ID 4625 (viewed in Windows Event Viewer) documents every failed attempt at logging on to a local computer. This event is generated on the computer from where the logon attempt was made. A related event, Event ID 4624, documents successful logons. More…

Domain Password Policies: Configuring and Auditing Correctly!

Over the past 14 years, I have been around the world helping admins, auditors, and security professionals understand how the domain password policy works in Active Directory. The default behavior has not changed in those 14 years, so you can imagine how many people I have helped, not to mention how many times I have spoken about it. More…

Autoarchiving Security Logs in Event Viewer

A small, nearly hidden feature of the Event Viewer by Microsoft is the ability to autoarchive the logs. Of course, one of the most important Event Viewer logs is the security log. For years, we have had to develop solutions or acquire software to help archive the security log when it fills up; but now, that is no longer necessary. More…

Tracking Down Locked Out Service Accounts

We all have services running on our servers. Many of these services require Active Directory user accounts, which are ​referred to as service accounts. These service accounts are essential, as they allow ​services to perform their duties. However, when a service account fails to authenticate back to a domain controller, many issues ​can arise. If the service account fails to authenticate too many times, the user can then be locked out. More…

ADAudit Plus Trusted By