deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #1858 from wesinator/event-4782

Browse Source 
Fix name of event 4782
This commit is contained in:
Patti Short 2018-10-16 09:49:28 -07:00 committed by GitHub
commit f2389e6f18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/TOC.md
View File

@ -504,7 +504,7 @@
####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md) ####### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md)
####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md) ####### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md)
###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md) ###### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md)
####### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md) ####### [Event 4782 S: The password hash of an account was accessed.](auditing/event-4782.md)
####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md) ####### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md)
###### [Audit Security Group Management](auditing/audit-security-group-management.md) ###### [Audit Security Group Management](auditing/audit-security-group-management.md)
####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md) ####### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md)

4
windows/security/threat-protection/auditing/audit-other-account-management-events.md
View File

@ -30,13 +30,13 @@ This subcategory allows you to audit next events:
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash an account was accessed.”<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | | Domain Controller | Yes | No | Yes | No | The only reason to enable Success auditing on domain controllers is to monitor “[4782](event-4782.md)(S): The password hash of an account was accessed.”<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | No | No | No | No | The only event which is generated on Member Servers is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | | Member Server | No | No | No | No | The only event which is generated on Member Servers is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | No | No | No | No | The only event which is generated on Workstations is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | | Workstation | No | No | No | No | The only event which is generated on Workstations is “[4793](event-4793.md)(S): The Password Policy Checking API was called.”, this event is a typical information event with little to no security relevance. <br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:** **Events List:**
- [4782](event-4782.md)(S): The password hash an account was accessed. - [4782](event-4782.md)(S): The password hash of an account was accessed.
- [4793](event-4793.md)(S): The Password Policy Checking API was called. - [4793](event-4793.md)(S): The Password Policy Checking API was called.

8
windows/security/threat-protection/auditing/event-4782.md
View File

@ -1,6 +1,6 @@
--- ---
title: 4782(S) The password hash an account was accessed. (Windows 10) title: 4782(S) The password hash of an account was accessed. (Windows 10)
description: Describes security event 4782(S) The password hash an account was accessed. description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security ms.pagetype: security
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -10,7 +10,7 @@ author: Mir0sh
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# 4782(S): The password hash an account was accessed. # 4782(S): The password hash of an account was accessed.
**Applies to** **Applies to**
- Windows 10 - Windows 10
@ -108,7 +108,7 @@ Typically **“Subject\\Security ID”** is the SYSTEM account.
## Security Monitoring Recommendations ## Security Monitoring Recommendations
For 4782(S): The password hash an account was accessed. For 4782(S): The password hash of an account was accessed.
- Monitor for all events of this type, because any actions with accounts password hashes should be planned. If this action was not planned, investigate the reason for the change. - Monitor for all events of this type, because any actions with accounts password hashes should be planned. If this action was not planned, investigate the reason for the change.