# Page Not Found

The URL `windows-artifacts/event-ids/authentication-account/4672-special-privileges` does not exist. This page may have been moved, renamed, or deleted.

## Suggested Pages

You may be looking for one of the following:
- [4672 - Special Privileges](https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4672-special-privileges.md)
- [4771 - Kerberos Failure](https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4771-kerberos-failure.md)
- [4625 - Authentication Failure](https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4625-authentication-failure.md)
- [4648 - Explicit Credentials Success](https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4648-explicit-credentials-success.md)
- [4722 - Account Enabled](https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4722-account-enabled.md)

## How to find the correct page

If the exact page cannot be found, you can still retrieve the information using the documentation query interface.

### Option 1 — Ask a question (recommended)

Perform an HTTP GET request on the documentation index with the `ask` parameter:

```
GET https://windows.dfirhandbook.com/windows-artifacts/event-ids/security/authentication-account/4672-special-privileges.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

### Option 2 — Browse the documentation index

Full index: https://windows.dfirhandbook.com/sitemap.md

Use this to discover valid page paths or navigate the documentation structure.

### Option 3 — Retrieve the full documentation corpus

Full export: https://windows.dfirhandbook.com/llms-full.txt

Use this to access all content at once and perform your own parsing or retrieval. It will be more expensive.

## Tips for requesting documentation

Prefer `.md` URLs for structured content, append `.md` to URLs (e.g., `/windows-artifacts/event-ids/security/authentication-account/4672-special-privileges.md`).

You may also use `Accept: text/markdown` header for content negotiation.