Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 4624 Microsoft-Windows-Security-Auditing N/A 10/12/2011 9:00 PM ws-username01
- Category: Logon
- Message:
- An account was successfully logged on.
- Subject:
- Security ID: S-1-0-0
- Account Name: -
- Account Domain: -
- Logon ID: 0x0
- Logon Type: 3
- New Logon:
- Security ID: S-1-5-7
- Account Name: ANONYMOUS LOGON
- Account Domain: NT AUTHORITY
- Logon ID: 0x92541f4
- Logon GUID: {00000000-0000-0000-0000-000000000000}
- Process Information:
- Process ID: 0x0
- Process Name: -
- Network Information:
- Workstation Name: WS-DDES01
- Source Network Address: 10.0.0.138
- Source Port: 3562
- Detailed Authentication Information:
- Logon Process: NtLmSsp
- Authentication Package: NTLM
- Transited Services: -
- Package Name (NTLM only): NTLM V1
- Key Length: 0
- This event is generated when a logon session is created. It is generated on the computer that was accessed.
- The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
- The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
- The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
- The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
- The authentication information fields provide detailed information about this specific logon request.
- - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- - Transited services indicate which intermediate services have participated in this logon request.
- - Package name indicates which sub-protocol was used among the NTLM protocols.
- - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Add Comment
Please, Sign In to add comment