Lots of event for "The domain controller attempted to validate the credentials for an account"

Hosni Adnan 1 Reputation point
2022-04-05T06:01:53.703+00:00

I am seeing lots of events for "The domain controller attempted to validate the credentials for an account", for some machines this event is coming regularly for 9000-10000 events

Why is this event generating and what should be done to stop this

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: hs***ss
Source Workstation: DHK-**-**59
Error Code: 0x0

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. zaamasu 1,411 Reputation points
    2022-04-05T10:14:16.69+00:00

    Hi HosniAdnan-7274,
    EventID 4776 means that the computer(Domain Controller) attempted to validate the credentials for an user logon.

    4776(S, F): The computer attempted to validate the credentials for an account
    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4776

    According to the information(such as JP1), this event might be recorded not only user logon but also application.

    10.2.2 Failure Audit(EventID : 4625 or 4776) is recorded in the Windows security event log
    PCM70254.HTM

    If you'd like to stop recording ID 4776, you need to set the Advanced Audit Policy configuration at your system as follow.

    [Group Policy Management]
    Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon

    [Sub Category]
    Audit Credential Validation

    [Audit Events]
    Not Configured

    190047-aaa.jpg

    I hope this would help you.

    Best regards,
    Zaamasu

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.