This is a highly valuable event since it documents each and every successful attempt to logon to the local computer regardless of logon type, location of the user or type of account. You can tie this event to logoff events 4634 and 4647 using Logon ID....
Event 4624 (Windows 2016) Description of Event Fields Theimportant informationthat can be derived from Event 4624 includes: •Logon Type:This field reveals the kind of logon that occurred. In other words, it points outhow the user logged on. There are a total of nine different types o...
系统自带 event viewer(中、低)# 系统自带的事件查看器,其使用 xpath 语法。优点在于系统自带,无需导入任何工具。 例如要检索 EventID 为4624 ,且 LogonType 为 2 的日志。 <Eventxmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> ... <EventID>4624</EventID> ... </System...
Event Viewer\Applications and Services Logs\Microsoft\Windows\TerminalServices-RemoteConnectionManager Event Viewer\Windows Logs\Security(EventID:4624,Logon Type:10)-TP Logging IP adderess during remote desktop connection 我是在 Event Viewer\Applications and Services Logs\Microsoft\Windows\TerminalServices-R...
Since the logon type is 5, it's normal for the Source Network Address and Source Port fields to have no values. The logon type 5 means a service was started by the Service Control Manager. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624 Best Reg...
New Logon: Security ID[Type = SID]:SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event. ...
1. 右键“我的电脑”,选择管理,打开「事件查看器」;或者同时按下 Windows键 + R键,输入“eventvwr.msc”直接打开「事件查看器」。 2. 在「事件查看器」窗口,展开Windows日志,选择“安全”,登录日志就显示出来了。 3. 接下来你会在窗口中看到一个列表,包括 “关键字”、 “日期和时间”、“来源”、“事件...
This event does not necessarily indicate the time that a user has stopped using a system. For example, if the computer is shut down or loses network connectivity it may not record a logoff event at all. Logon Type: indicates how the user was logged on. See 4624 for explanation of these...
Event ID: 4624 Task Category: Logon Level: Information Keywords: Audit SuccessUser: N/A Computer: <computerFQDN> Description: An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: < MachineName>$ Account Domain: <DomainName> ...
EventType:事件类型 参考:Windows Logon Type的含义_flyhaze的专栏-CSDN博客 EventCategory:不懂。参考Windows API ReportEvent 写系统日志 – jqdy – 博客园 String: 各个位置含义: 代码语言:javascript 代码运行次数:0 运行 AI代码解释 0安全IP(SID)1账号名称2账户域3登录ID4安全ID5账户名6账户域7登录ID8登录...