To get logon type 2 event, please try to perform a local logon, for example, use Domain Admin account to log onto one DC, then find Event 4624 on this DC.To get logon type 10 event, please use Remote Desktop Service to log from a Domain member to the DC....
The 2 logon sessions are connected by the Linked Logon ID described below. Remaining logon information fields are new to Windows 2025 Remote Credential Guard: Normally "-". Logon Type: This is a valuable piece of information as it tells you HOW the user just logged on: Logon Type ...
•New Logon:This section reveals theAccount Nameof the user for whom the new logon was created and theLogon ID, a hexadecimal value that helps correlate this event with other events. Logon TypeDescription 2 -Interactive logon Occurs when a user logs on using a computer's local keyboar...
Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0Logon Type: 3Impersonation Level: DelegationNew Logon: Security ID: S-1-5-21-3803837968-1534464277-3267097699-47311 Account Name: L-3PLHH92$ Account Domain: CORP Logon ID: 0x15B72B10B Logon GUID: {07261433-bae2-...
Event ID: 4624 Source: Security Category: Logon/Logoff Message: An account was successfully logged on. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WORKSTATION123$ Account Domain: CORPDOMAIN Logon ID: 0x3e7 Logon Type: 7
Event ID 4624 null sid An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: SYSTEM Account Name: MyPC$ Account Domain: MyDomain ...
日志记录EventID 4624:帐户已成功登录。 3、逻辑1 -未经授权的内部RDP连接 WhereDetected use of RDP EventID with Logon type 10 (RemoteInteractive) OR Dest Port = 3389ANDSource is not an authorized user of RDP 4、逻辑2 -未经授权的RDP进出网络 5.3 未经授权的SMB活动 1、理论 SMB是windows网络中不...
Description Fields in 4634 Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Logon Type: %5 Supercharger Enterprise Examples of 4634 An account was logged off. Subject: Security ID: ANONYMOUS LOGON Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Log...
eventtype=wineventlog_security EventCode=4624LogonType=3LogonProcessName=Kerberos Security_ID IN("*-500")| eval Account_Domain=mvindex(Account_Domain,1)| eval Security_ID=mvindex(Security_ID,1)|stats earliest(_time) AS start_time latest(_time) AS end_time count by EventCode LogonProcess...
Sr no Event ID 2003 Server Event ID 2008 Server Event Type 1 528 4624 Local User logon 2 6008 6008 Unexpected Shutdown 3 6009 6009 Logged During every boot 4 6006 6006 Clean Shutdown 5 624 4720 Local account created 6 630 4726 Local account deleted 7 7036 7036 DHCP Server Service ...