From 2440e3da3c95eb664b8984309033167cf09fee81 Mon Sep 17 00:00:00 2001
From: wesinator <5124946+wesinator@users.noreply.github.com>
Date: Fri, 12 Oct 2018 22:55:52 -0400
Subject: [PATCH] Fix name of event 4782
Fixes #1857
---
windows/security/threat-protection/TOC.md | 2 +-
.../auditing/audit-other-account-management-events.md | 4 ++--
windows/security/threat-protection/auditing/event-4782.md | 8 ++++----
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 76837097e0..3bbbacf2d9 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -504,7 +504,7 @@
####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
-####### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md)
+####### [Event 4782 S: The password hash of an account was accessed.](auditing/event-4782.md)
####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
###### [Audit Security Group Management](auditing/audit-security-group-management.md)
####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 01d32dee4a..2118e8090b 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -30,13 +30,13 @@ This subcategory allows you to audit next events:
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash an account was accessed.”
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash of an account was accessed.”
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**
-- [4782](event-4782.md)(S): The password hash an account was accessed.
+- [4782](event-4782.md)(S): The password hash of an account was accessed.
- [4793](event-4793.md)(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index b41a078e08..7139478b3a 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -1,6 +1,6 @@
---
-title: 4782(S) The password hash an account was accessed. (Windows 10)
-description: Describes security event 4782(S) The password hash an account was accessed.
+title: 4782(S) The password hash of an account was accessed. (Windows 10)
+description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@@ -10,7 +10,7 @@ author: Mir0sh
ms.date: 04/19/2017
---
-# 4782(S): The password hash an account was accessed.
+# 4782(S): The password hash of an account was accessed.
**Applies to**
- Windows 10
@@ -108,7 +108,7 @@ Typically **“Subject\\Security ID”** is the SYSTEM account.
## Security Monitoring Recommendations
-For 4782(S): The password hash an account was accessed.
+For 4782(S): The password hash of an account was accessed.
- Monitor for all events of this type, because any actions with account’s password hashes should be planned. If this action was not planned, investigate the reason for the change.