
What do these events mean?

Hi,

What do these events mean?

Successful Logon:
       User Name:      Administrator
       Domain:            DEVELOPMENT
       Logon ID:            (0x0,0x15C45)
       Logon Type:      5
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      DEV-CHEN-MRD100
       Logon GUID:      -
       Caller User Name:      DEV-CHEN-MRD100$
       Caller Domain:      DEVELOPMENT
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID: 440
       Transited Services: -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Another one.

Special privileges assigned to new logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x15C45)
       Privileges:      SeImpersonatePrivilege
                  SeSecurityPrivilege
                  SeBackupPrivilege
                  SeRestorePrivilege
                  SeTakeOwnershipPrivilege
                  SeDebugPrivilege
                  SeSystemEnvironmentPrivilege
                  SeLoadDriverPrivilege
                  SeEnableDelegationPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Regards
Sharath
 
mailtosinghs Commented:
That means the administrator account is logged on as a service and it has been assigned the list of user rights:

                 SeSecurityPrivilege
                  SeBackupPrivilege
                  SeRestorePrivilege
                  SeTakeOwnershipPrivilege
                  SeDebugPrivilege
                  SeSystemEnvironmentPrivilege
                  SeLoadDriverPrivilege
                  SeEnableDelegationPrivilege

These rights are the system names of the different rights available to configure in the User Rights Assignment group policy options.
 
bsharath (Author) Commented:
Does this mean the administrator has logged in through Mstsc/Console?
 
mailtosinghs Commented:

SeSecurityPrivilege "Manage auditing and security log"
SeBackupPrivilege "Back up files and directories"
SeRestorePrivilege "Restore files and directories"
SeTakeOwnershipPrivilege "Take ownership of files or other objects"
SeDebugPrivilege "Debug programs"
SeSystemEnvironmentPrivilege "Modify firmware environment values"
SeLoadDriverPrivilege "Load and unload device drivers"
SeEnableDelegationPrivilege "Enable computer and user accounts to be trusted for delegation"



Complete list of rights with system names and familiar names:

http://www.ss64.com/nt/ntrights.html


 
mailtosinghs Commented:
It means that there are services running with the administrator user credential.

If this is an mstsc/remote logon, the logon type must be 3.
 
bsharath (Author) Commented:
If I am not wrong, logon type 3 means Network/Printer access, not Mstsc.
 
mailtosinghs Commented:
Yes, you are right.

It is logon type 10 for mstsc.
 
bsharath (Author) Commented:
Then what does this even mean....

Successful Logon:
       User Name:      Administrator
       Domain:            DEVELOPMENT
       Logon ID:            (0x0,0x15C45)
       Logon Type:      5
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      DEV-CHEN-MRD100
       Logon GUID:      -
       Caller User Name:      DEV-CHEN-MRD100$
       Caller Domain:      DEVELOPMENT
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID: 440
       Transited Services: -
       Source Network Address:      -
       Source Port:      -
 
mailtosinghs Commented:
This means the administrator account is logged on as a service, or a service is started with the credentials of user "administrator".
This event says that this logon is on system "DEV-CHEN-MRD100" in the domain "DEVELOPMENT".
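How the two events discussed in this thread fit together, as an added example that is not part of the original posts: the Python below parses the legacy event text, joins the logon event to the privilege event on Logon ID, and names the logon type. The function names and the trimmed sample text are assumptions of this example; the logon type codes and the 0x3E7 Local System session ID are the standard Windows values.

```python
import re

# Standard Windows logon type codes.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Event text as pasted in the thread, trimmed to the fields used here.
LOGON_EVENT = """Successful Logon:
       User Name:      Administrator
       Domain:            DEVELOPMENT
       Logon ID:            (0x0,0x15C45)
       Logon Type:      5
       Caller User Name:      DEV-CHEN-MRD100$
       Caller Logon ID:      (0x0,0x3E7)
"""
PRIV_EVENT = """Special privileges assigned to new logon:
       User Name:
       Domain:
       Logon ID:            (0x0,0x15C45)
       Privileges:      SeImpersonatePrivilege
                  SeSecurityPrivilege
                  SeDebugPrivilege
                  SeLoadDriverPrivilege
"""

def parse_event(text):
    # 'Field: value' lines start a field; bare indented lines continue it.
    fields, last = {}, None
    for line in text.splitlines()[1:]:          # skip the event title line
        m = re.match(r"\s*([A-Za-z ]+):\s*(.*)$", line)
        if m:
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and line.strip():
            fields[last].append(line.strip())
    return fields

def describe_session(logon_text, priv_text):
    # Both events describe one session only if their Logon IDs match.
    logon, priv = parse_event(logon_text), parse_event(priv_text)
    if logon["Logon ID"] != priv["Logon ID"]:
        raise ValueError("events belong to different logon sessions")
    code = int(logon["Logon Type"][0])
    return {"user": logon["Domain"][0] + "\\" + logon["User Name"][0],
            "logon_type": LOGON_TYPES.get(code, "Unknown (%d)" % code),
            # 0x3E7 is the Local System session, i.e. the OS started this logon.
            "started_by_local_system": logon["Caller Logon ID"] == ["(0x0,0x3E7)"],
            "privileges": priv["Privileges"]}
```

For the events in the question this reports a Service logon for DEVELOPMENT\Administrator started from the Local System session, which matches the accepted explanation; an mstsc session would show type 10 instead.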