假设Windows 7 和 Windows Server 2008 R2 (KB2592687) 的远程桌面协议 8.0 更新是通过策略设置安装和启用的。 当用户的远程桌面登录到该计算机时,将记录安全事件 ID 4624,并显示无效的客户端 IP 地址和端口号,如下所示:日志名称:安全性 来源:Microsoft-Windows-Security-Auditing 日期:2015/9/14 ...
Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 9/14/2015 6:10:36 PM Event ID: 4624 Task Category: Logon Level: Information Keywords: Audit SuccessUser: N/A Computer: <computerFQDN> Description: An account was successfully logged on. ...
<?xml version="1.0"?> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/> <EventID>4624</EventID> <Version>2</Version> <Level>0</Level> <Task>12544</...
<13>May 08 10:45:44 microsoft.windows.test AgentDevice=WindowsLog AgentLogFile=Security PluginVersion=7.2.9.108 Source=Microsoft-Windows-Security-Auditing Computer=microsoft.windows.test OriginatingComputer=10.0.0.2 User= Domain= EventID=4624 EventIDCode=4624 EventType=8 EventCategory=12544 RecordNumber...
><Eventxmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><ProviderName="Microsoft-Windows-Security-Auditing"Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/><EventID>4624</EventID><Version>2</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode><Keywords>0x...
例如,使用连接到 Windows Server 2008 R2 上的文件共享的 Windows 7 客户端进行测试。 网络跟踪显示身份验证实际上是使用 NTLMv2,但在事件日志中报告 NTLMv1: 日志名称:安全性 来源:Microsoft-Windows-Security-Auditing 事件ID:4624 任务类别:登录 级别:信息 ...
Auditing removable storage devices X The following sections describe these security auditing features in greater detail. Expression-based security audit policies Windows Server 2012 introduces expression-based security audit policies. Dynamic Access Control in Windows Server 2012 enables you to create targeted...
4634 Source: Microsoft-Windows-Security-Auditing Category: Logoff Message: An account was logged off. Subject: Security ID: TESTGROUND\cacheduser Account Name: cacheduser Account Domain: TESTGROUND Logon ID: 0xbed3f1 Logon Type: 2 This event is generated when a logon session is destroyed. It...
Auditing removable storage devices X The following sections describe these security auditing features in greater detail. Expression-based security audit policies Windows Server 2012 introduces expression-based security audit policies. Dynamic Access Control in Windows Server 2012 enables you to create targeted...
Sample Event ID: 4624 Source: Microsoft-Windows-Security-Auditing Event ID: 4624 Task Category: Logon Level: Information Keywords: Audit Success Description: An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Typ...