I am monitoring the event logs on computer A that has supposely is locked down which is only accessible by user A. In the event log I noticed
eventid: 608 Type:Success A User: NT AUTHORITY\SYSTEM Computer A
Description: User right Assigned:
User Right: SeMachineAccountPrivilege
Assigned To: xxx\USER B
Logon ID: (#x#, #x#A#)
Would this indicate that USER B is trying to access computer_A or is USER B creating a machine and assigning same computer name to see if user b can gain access. So esstenially what I'm asking is USER B actually breaking into computer_A.