How do you monitor these event ID across your domain ?
can anyone give me suggestion or share the Powershell script to email / report this please ?
1002 Application Hang
1000 Application Error
7, 9, 11, 51, 52, 55 Potential HD related issue
1053 Servers too hot. Sometimes our Air conditioning breaks.
529 Logon Failure - Unknown user name or bad password
530 Logon Failure - Account logon time restriction violation
531 Logon Failure - Account currently disabled
532 Logon Failure - The specified user account has expired
533 Logon Failure - User not allowed to logon at this computer
534 Logon Failure - The user has not been granted the requested logon type at this machine
535 Logon Failure - The specified account’s password has expired
539 Logon Failure - Account locked out
On the Domain Controller:
Event 675 on a domain controller indicates a failed initial attempt to logon via Kerberos at a workstation with a domain account usually due to a bad password but the failure code indicates exactly why authentication failed
Event 642 indicates a change to the specified user account such as a reset password or a disabled account being re-enabled. The event’s description specifies the type of change.
Events 632, 636, 660 - All 3 events indicate the specified user was added to the specified group. Group scopes Global, Local and Universal correspond to the 3 event IDs
Event 624 - New user account was created.
Event 644 - Specified user account was locked out after repeated logon failures
Event 517 - The specified user cleared the security log.