Live Demo
Free Edition
Download NowEvent ID 4964 – Special Groups Have Been Assigned To A New Logon
| Event ID | 4964 |
| Category | Logon/Logoff |
| Sub-Category | Audit Special Logon |
| Type | Success Audit |
| Description | Special groups have been assigned to anew logon. |
When an account which is already the member of some defined special group logs in, event 4964 is generated. For this event to be triggered, auditing for 'SpecialGroups' must be set up.
This log provides the following information:
- Security ID
- Account Name
- Account Domain
- Logon ID
- Logon GUID
- Special Groups Assigned
Why does event ID 4964 need to be monitored?
Special groups are used to define a list of important critical groups. Using event 4964, we can monitor when all a member of these groups logs on to a computer.
Pro Tip:
ADAudit Plus helps you avoid the GPOs monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a domain & OU. The advanced real-time audit reports emphasize on the elusive change details and give a detailed report on the special groups assigned to an account, both old and new.
Event 4964 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools