deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 21:33:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1858 from wesinator/event-4782

Browse Source 
Fix name of event 4782
This commit is contained in:
Patti Short
2018-10-16 09:49:28 -07:00
committed by GitHub
parent e04883be95 2440e3da3c
commit f2389e6f18
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/auditing/audit-other-account-management-events.md
View File

@ -30,13 +30,13 @@ This subcategory allows you to audit next events:
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash an account was accessed.”<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash of an account was accessed.”<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**
- [4782](event-4782.md)(S): The password hash an account was accessed.
- [4782](event-4782.md)(S): The password hash of an account was accessed.
- [4793](event-4793.md)(S): The Password Policy Checking API was called.

8
windows/security/threat-protection/auditing/event-4782.md
View File

@ -1,6 +1,6 @@
---
title: 4782(S) The password hash an account was accessed. (Windows 10)
description: Describes security event 4782(S) The password hash an account was accessed.
title: 4782(S) The password hash of an account was accessed. (Windows 10)
description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
@ -10,7 +10,7 @@ author: Mir0sh
ms.date: 04/19/2017
---
# 4782(S): The password hash an account was accessed.
# 4782(S): The password hash of an account was accessed.
**Applies to**
- Windows 10
@ -108,7 +108,7 @@ Typically **“Subject\\Security ID”** is the SYSTEM account.
## Security Monitoring Recommendations
For 4782(S): The password hash an account was accessed.
For 4782(S): The password hash of an account was accessed.
- Monitor for all events of this type, because any actions with accounts password hashes should be planned. If this action was not planned, investigate the reason for the change.