Windows System Event: 4621

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 4621

Event ID 4621: Administrator recovered system from CrashOnAuditFail.

Description
  • This event is logged after a system reboots following CrashOnAuditFail. It generates when CrashOnAuditFail = 2.
  • Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on.Some auditable activity might not have been recorded.
Category System
Subcategory Security change

This event logs the following information:

Value of CrashOnAuditFail: %1

Reasons to monitor this event:

  • We recommend triggering an alert for any occurrence of this event.
  • The event shows that the system halted because it could not record an auditable event in the Security Log, as described in CrashOnAuditFail.
  • If your computers don’t have the CrashOnAuditFail flag enabled, then this event will be a sign that some settings are not set to baseline settings or were changed.

Event 4621 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing