Windows Events

Event ID 4634 – An account was logged off 

Hello All,

Hope this post finds you in good health and spirit.

Event ID 4634 – An account was logged off 

This event shows that logon session was terminated and no longer exists.Event Id 4634 event is generated when a logon session is terminated or is destroyed. The session is no longer exists.

The key distinction between “4647: User initiated logoff.” and “4634: Session ended and no longer exists.” is that 4647 event is issued when logoff procedure is started by a specific account using the logoff function.

When a user logs off using standard methods, the logon type 4647 is more usual for Interactive and RemoteInteractive login types. When the user began the logoff procedure, both 4647 and 4634 events are normally shown.

Using the Logon ID value, it may be positively associated with a “4624: An account was successfully logged on.” event. Only between reboots on the same machine are logon IDs distinct.

Recommendations for Security Monitoring

For 4634:- A user account was logoff.

  • To prevent specific login types from being used by accounts that lack the necessary rights.
  • Keep track of high-value account activity.
  • Recognize irregularities and malevolent behavior.
  • To prevent the usage of inactive, external, and restricted accounts
  • To guarantee that only accounts on the white list carry out certain precise tasks
    to impose rules and requirements.

So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!

Recommended contents

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Group Policy Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

What is Netlogon Folder in Active Directory

How to Create Custom Attributes in Active Directory

How Can I Check the Tombstone Lifetime of My Active Directory Forest

How to Determine a Computers AD Site From the Command Line

How to Check the Active Directory Database Integrity

How to Check the Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

What is Strict Replication Consistency

How to export replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno
Back to top button