I'm seeing recurring success audits in the security logs on our DC from a number of computers on our network.
The reason i'm curious about this is because a number of them happen out of hours when the user is not onsite.
Some of the users do access their PCs from home but the audits do not correspond to these times.
On one particular user, this log may show up 20 times or so during the night.
What would be the main reason(s) for this type of audit?
Category: Account Logon
Type: Success Audit
Event ID: 680
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Bill
Source Workstation: HR01
Error Code: 0x0
Any help is appreciated.
Thanks in advance,