Solved

What are event IDs 528 & 576

Posted on 2007-09-28
Last Modified: 2012-06-27
Hi,

My machine has these 2 event IDs. What are these?
What are event IDs 528 & 576?
What are the possible situations in which I will get these events?
Regards
Sharath
Question by:bsharath
6 Comments
 
LVL 2

Assisted Solution

by:SpiritWire
SpiritWire earned 400 total points
ID: 19980492
You may want to consult this site: http://eventid.net/

0
 
LVL 26

Expert Comment

by:Farhan Kazi
ID: 19981109
----------------
Event ID 528
----------------
Event 528 is logged whenever an account logs on to the local computer.
A successful log on event generates Event ID 528, Logon Type 2, and a User log off event generates Event ID 538, Logon Type 2, where Logon Type 2 indicates an interactive log on event.
Logon Type 3 indicates a network log on event. A successful Net Use or File Manager connection or a successful directed Net View to a Windows NT share generates Event ID 528, a successful log on event of Logon Type 3.

From: http://support.microsoft.com/kb/140714

----------------
Event ID 528
----------------
Event ID 528: it just tells you what user rights a user had at the time he/she logged on (meaning the specified privileges were added to the user's access token). This event is generated when the user logs on.

For more Info:
http://www.monitorware.com/en/events/details.php?L2=Security&L3=Security&event_id=576

0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 400 total points
ID: 19982329
I assume that second comment was supposed to have the title Event ID 576 ?

If you have many 576 events, see http://support.microsoft.com/kb/822774
0
 
LVL 26

Expert Comment

by:Farhan Kazi
ID: 19982373
Oops!! Sorry... Thank you, KCTS

----------------
Event ID 576
----------------
Event ID 576: it just tells you what user rights a user had at the time he/she logged on (meaning the specified privileges were added to the user's access token). This event is generated when the user logs on.

For more Info:
http://www.monitorware.com/en/events/details.php?L2=Security&L3=Security&event_id=576
0
 
LVL 11

Author Comment

by:bsharath
ID: 19982953
I have this in event ID 528

Successful Logon:
       User Name:      Administrator
       Domain:            DEVELOPMENT
       Logon ID:            (0x0,0x15C45)
       Logon Type:      5
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      DEV-CHEN-MRD100
       Logon GUID:      -
       Caller User Name:      DEV-CHEN-MRD100$
       Caller Domain:      DEVELOPMENT
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID: 440
       Transited Services: -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

And this in 576.

Special privileges assigned to new logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x15C45)
       Privileges:      SeImpersonatePrivilege
                  SeSecurityPrivilege
                  SeBackupPrivilege
                  SeRestorePrivilege
                  SeTakeOwnershipPrivilege
                  SeDebugPrivilege
                  SeSystemEnvironmentPrivilege
                  SeLoadDriverPrivilege
                  SeEnableDelegationPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

What does this mean?
0
 
LVL 26

Accepted Solution

by:
Farhan Kazi earned 1200 total points
ID: 19983458
Event ID: 528 - "Service Account Logon Event (most probably IIS related)"

Event ID: 576 - Records privileges which are "Administrator-equivalent": privileges which can either be used to elevate to administrator, or to compromise the audit trail.
More info: http://blogs.msdn.com/ericfitz/archive/2005/12/05/500316.aspx
0
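Added example (not part of the original thread or any poster's code): a Python parser for the event text posted above that joins the 528 and 576 records on their shared Logon ID. The 576 record in the thread has blank User Name and Domain fields, so the join is what attributes its privilege list to the Administrator logon. The function names are hypothetical, the sample text is the thread's two events trimmed to the fields used, and the Logon Type names are the standard Windows values.

```python
import re

# Standard Windows Logon Type values (the thread names 2 and 3; the posted event is 5).
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Sample input: the two events posted in this thread, trimmed to the fields used here.
EVENT_528 = """Successful Logon:
       User Name:      Administrator
       Domain:            DEVELOPMENT
       Logon ID:            (0x0,0x15C45)
       Logon Type:      5
       Caller User Name:      DEV-CHEN-MRD100$
"""
EVENT_576 = """Special privileges assigned to new logon:
       User Name:
       Domain:
       Logon ID:            (0x0,0x15C45)
       Privileges:      SeImpersonatePrivilege
                  SeSecurityPrivilege
                  SeDebugPrivilege
                  SeLoadDriverPrivilege
"""

def parse_fields(text):
    """'Name: value' lines to a dict of lists; bare lines continue the last field."""
    fields, last = {}, None
    for line in text.splitlines()[1:]:          # skip the event's title line
        m = re.match(r"\s*([A-Za-z ]+):\s*(.*)$", line)
        if m:
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif line.strip() and last:
            fields[last].append(line.strip())
    return fields

def correlate(events):
    """Join 528 (logon) and 576 (privileges) records on their Logon ID."""
    sessions = {}
    for event_id, text in events:
        f = parse_fields(text)
        s = sessions.setdefault(f["Logon ID"][0], {"privileges": []})
        if event_id == 528:
            s["user"] = f["Domain"][0] + "\\" + f["User Name"][0]
            s["logon_type"] = LOGON_TYPES.get(int(f["Logon Type"][0]), "Unknown")
        elif event_id == 576:
            s["privileges"] = f["Privileges"]
    return sessions
```

Calling `correlate([(528, EVENT_528), (576, EVENT_576)])` yields a single session keyed by `(0x0,0x15C45)`, with the logon type resolved to Service and the 576 privileges attached to it.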
