Windows System Event: 4622

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 4622

Event ID 4622: A security package has been loaded by the Local Security Authority.

Description This event generates every time Security Package has been loaded by the Local Security Authority (LSA).
Category System
Subcategory Security system extension

Information:

  • Security Package is the software implementation of a security protocol (Kerberos, NTLM, for example). Security packages are contained in security support provider DLLs or security support provider/authentication package DLLs.
  • Each time the system starts, the LSA loads the Security Package DLLs from: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages registry value and performs the initialization sequence for every package located in these DLLs.
  • It is also possible to add security package dynamically using AddSecurityPackagefunction, not only during system startup process.

This event logs the following information:

Security Package Name [Type = UnicodeString] The name of loaded Security Package. The format is: DLL_PATH_AND_NAME: SECURITY_PACKAGE_NAME.

Reasons to monitor this event:

Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “Security Package Name” field value in the whitelist or not.

Event 4622 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10