![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 71%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHA%3C/text%3E%3C/svg%3E)
4,659 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 6%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZ%3C/text%3E%3C/svg%3E)
Hi HosniAdnan-7274,
EventID 4776 means that the computer(Domain Controller) attempted to validate the credentials for an user logon.
4776(S, F): The computer attempted to validate the credentials for an account
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4776
According to the information(such as JP1), this event might be recorded not only user logon but also application.
10.2.2 Failure Audit(EventID : 4625 or 4776) is recorded in the Windows security event log
PCM70254.HTM
If you'd like to stop recording ID 4776, you need to set the Advanced Audit Policy configuration at your system as follow.
[Group Policy Management]
Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon
[Sub Category]
Audit Credential Validation
[Audit Events]
Not Configured
I hope this would help you.
Best regards,
Zaamasu