AccountLogon_AuditCredentialValidation

This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that's authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the local computer is authoritative.