Event ID 534 – Logon Failure: User Has Not Been Granted The Requested Logon Type At This Machine
Event ID | 534 |
Category | Logon/Logoff |
Type | Failure Audit |
Description | Logon failure – The user has not been granted the requested logon type at this machine |
When the local security policy does not allow the user to log on in the requested fashion, event 534 is generated. This event gets generated on the server or workstation where the user failed to logon.
This log data provides the following information:
- User Name
- Domain
- Logon Type
- Logon Process
- Authentication Package
- Workstation Name
Additionally, in Windows Server 2003, the following information is also made available:
- Caller User Name
- Caller Domain
- Caller Logon ID
- Caller Process ID
- Transited Services
- Source Network Address
- Source Port
Why does event ID 534 need to be monitored?
- To detect brute-force, dictionary, and other password guess attacks.
- To detect abnormal and possibly malicious internal activity.
- To come up with a benchmark for the account lockout threshold policy.
- To ensure compliance with regulatory mandates.
Pro Tip:
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks logon failures, helping you meet your security, operational, and compliance needs with absolute ease.
Event 534 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
Corresponding events in Windows 2008 and Windows Vista are 4625 and 5461.
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools