Event ID 4634 – An account was logged off
Hello All,
Hope this post finds you in good health and spirit.
Event ID 4634 – An account was logged off
This event shows that logon session was terminated and no longer exists.Event Id 4634 event is generated when a logon session is terminated or is destroyed. The session is no longer exists.
The key distinction between “4647: User initiated logoff.” and “4634: Session ended and no longer exists.” is that 4647 event is issued when logoff procedure is started by a specific account using the logoff function.
When a user logs off using standard methods, the logon type 4647 is more usual for Interactive and RemoteInteractive login types. When the user began the logoff procedure, both 4647 and 4634 events are normally shown.
Using the Logon ID value, it may be positively associated with a “4624: An account was successfully logged on.” event. Only between reboots on the same machine are logon IDs distinct.
Recommendations for Security Monitoring
For 4634:- A user account was logoff.
- To prevent specific login types from being used by accounts that lack the necessary rights.
- Keep track of high-value account activity.
- Recognize irregularities and malevolent behavior.
- To prevent the usage of inactive, external, and restricted accounts
- To guarantee that only accounts on the white list carry out certain precise tasks
to impose rules and requirements.
So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!
Recommended contents
RODC Installation Guide- Step by step guide to install read only domain controller
RODC Filtered Attribute Set
Installing and configuring a RODC in Windows Server-2012
How to find the GUID of Domain Controller
Group Policy Understanding Group Policy Preferences
Group Policy Verification Tool GPOTool Exe
Group Policy Health Check on Specific Domain Controller
What is Netlogon Folder in Active Directory
How to Create Custom Attributes in Active Directory
How Can I Check the Tombstone Lifetime of My Active Directory Forest
How to Determine a Computers AD Site From the Command Line
How to Check the Active Directory Database Integrity
How to Check the Active Directory Database Integrity
Disabling and Enabling the Outbound Replication
DFS Replication Service Stopped Replication
What is Strict Replication Consistency
How to export replication information in txt file
Repadmin Replsummary
Enabling the outbound replication
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.