Table of Contents
What is the security ID for the logon event?
Event ID 4624
Event ID 4624 (viewed in Windows Event Viewer) documents every successful attempt at logging on to a local computer. This event is generated on the computer that was accessed, in other words, where the logon session was created.
What is NT Authority?
The NT AUTHORITY account is a built in account mostly used to run XP Services. Many XP Services run under the NT AUTHORITY account (it is like a User account but you will not see it in your Users list) and there are different levels for different Services.
What was the special privilege?
Definition of special privilege : a privilege granted (as by a law or constitution) to an individual or group to the exclusion of others and in derogation of common right introduced a bill that would provide for special privileges such as tariff and other subsidies to domestic corporations the board …
How do I enable SeSecurityPrivilege?
All i had to do was:
- Declare a Variable of Type EventLog.
- Set the variable’s Log property to “System” (for the System Log)
- Enable the EnableRaisingEvents property.
What is logon type 11?
Type 11-Cached Interactive logon—This is logged when users log on using cached credentials, which basically means that in the absence of a domain controller, you can still log on to your local machine using your domain credentials.
What is logon type 10?
What does logon type 10 mean? Logon type 10 refers to remote interactive logons. Event ID 528 with logon type 10 means that the user logged on to the computer through RDP by using either Remote Desktop or Windows 2000 Server Terminal Services.
What is NT in NT login?
Windows NT (which may originally have stood for “New Technology,” although Microsoft doesn’t say) is actually two products: Microsoft NT Workstation and Microsoft NT Server.
What is NT Authority logon?
When the OS can’t validate who you are, you are NT AUTHORITY\ANONYMOUS LOGON. You typically see this in double hop situations like when you have a client connecting to SSRS and SSRS isn’t on the same server as the SQL Server where the DB is located. As you might have guessed, they shouldn’t have done this.
Is AdvApi a malware?
AdvApi is likely a Trojan and as such, presents a serious vulnerability which should be fixed immediately! Delaying further investigation of advapi.exe may cause serious harm to your system and will likely cause a number of problems, loss of data, loss of control or leaking private information.
What are logon types?
Logon type – Identifies the logon type initiated by the connection. Reusable credentials on destination – Indicates that the following credential types will be stored in LSASS process memory on the destination computer where the specified account is logged on locally: LM and NT hashes. Kerberos TGTs.