| Admin Tip #57 : Security Events Logon Type Definitions |
Hits: Failed to execute CGI : Win32 Error Code = 3
|
typedef enum _SECURITY_LOGON_TYPE
{
Interactive = 2, // Interactively logged on (locally or remotely)
Network = 3, // Accessing system via network
Batch = 4, // Started via a batch queue
Service = 5, // Service started by service controller
Proxy = 6, // Proxy logon
Unlock = 7 // Unlock workstation
}
Logon Events (interactive):
A successful logon event generates Event ID 528, Logon Type 2. A logoff event generates Event ID 538, Logon Type 2.
Connection Events (network):
A successful Net Use or File Manager connection or a successful Net View generates Event ID 528, Logon Type 3.
Connection events are sessions at the server level and are generated only by the initial connection from a particular user. Later Net Views or Net Uses from the same user to the same computer do not generate logged events unless the user has disconnected (or has been autodisconnected) from all shares.
See q103390 for a discussion of the NT account validation across networks.
Event Log Tips:
Archiving Event Logs
Event Log explained
How to Delete Corrupt Event Viewer Log Files
Forensics: CrashOnAuditFail
Restrict access to Application and System event logs
Security Event Descriptions
Security Events Logon Type Definitions
Security Log Location
Suppress Browser Event Log Messages
Suppress Prevent logging of print jobs
System events in NT4 SP4
User Authentication with Windows NT
User Rights, Definition and List
Frank Heyne has made available a Windows NT Eventlog FAQ .
Book Recommendation:
|
|
|
|