Windows Event ID 4625 No Username

I am working on deploying Ossec to monitor my failed login attempts from workstations now that I have deployed a password policy.  Everything for Ossec so far is working for what I need out of the box with no customization's.  What I have noticed now though is that all the other event id's related to login have the username where it shows (no user) in the following:

2014 Oct 31 12:18:56 WinEvtLog: Security: AUDIT_FAILURE(4625): Microsoft-Windows-Security-Auditing: (no user):

4625 is the only one I've noticed so far that doesn't show the username.  Does anyone know why?  If I can fix that it would make this a lot easier.  Thanks!

November 3rd, 2014 9:51am

Can you post the full event log ? 

You may also check this : https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625

Free Windows Admin Tool Kit Click here and download it now
November 4th, 2014 6:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics