  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578

Understanding Windows Logon (Security Eventlog)

I am trying to get more into the Security Eventlog, especially for Windows Logon/Logoff.

Now I found out that every time I log in, three logon events (EventCode 528) are written:

============================
20090421160442
      Benutzername:      test

      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x2520757)
      Anmeldetyp:      2
      Anmeldevorgang:      Advapi  
      Authentifizierungspaket:      Negotiate
      Name der Arbeitsstation:      LENOVO
      Anmelde-GUID:      -

============================
20090421160442
Erfolgreiche Anmeldung:

      Benutzername:      test
      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x2520517)
      Anmeldetyp:      2
      Anmeldevorgang:      Advapi  
      Authentifizierungspaket:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
      Name der Arbeitsstation:      LENOVO
      Anmelde-GUID:      -

============================
20090421160441
Erfolgreiche Anmeldung:

      Benutzername:      test
      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x252037E)
      Anmeldetyp:      2
      Anmeldevorgang:      Advapi  
      Authentifizierungspaket:      Negotiate
      Name der Arbeitsstation:      LENOVO
      Anmelde-GUID:      -

I do not understand why there are three logon events; the difference is the authentication package. Also, the logout event (EventCode 538) always happens immediately after the login event was successful.

Could anyone explain to me why there are three logon events for one logon and why the logout event is written immediately afterwards?
0
Asked by: schubduese
1 Solution
 
jcimarron Commented:
schubduese--I do not understand the reference to "log out" in your question.
But try to get more info from Event Viewer.  
Look into Event Viewer (Start|Administrative Tools|Event Viewer). Click on "System" in the left panel. Do you see RedBall error icon(s) timestamped when the problem occurred?   If so, click on the RedBall. The first message will have some data on what the problem is, but usually it is not too easy to understand. Click the blue go.microsoft.com link.  Send a report to Microsoft.  Another window should open (though it may take some time) which may offer some more understandable info and maybe even a solution.
Note there are three windows to be opened to get all the info.
0
 
schubduese (Author) Commented:
I think I found the solution:

The multiple logins are written after a standby of the PC. It just writes one logon and one logoff (that's what I meant with logout) event when the PC has a "normal" startup. It writes multiple entries after a standby... strange

jcimarron: I already used the Event Viewer to check the events, but thanks for your answer.
0
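Added example (not part of the original thread and not code from any poster): a small Python parser for the text dump format shown in the question, which groups 528 logon records of the same account that arrive close together and reports only the fields that differ between them. The function names and the 2-second window are assumptions made for this example; the sample records are the three from the question, trimmed to four fields.

```python
import re
from datetime import datetime, timedelta
# Three 528 records from the question's dump, trimmed to four fields each.
SAMPLE = """\
============================
20090421160442
      Benutzername:      test
      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x2520757)
      Authentifizierungspaket:      Negotiate
============================
20090421160442
Erfolgreiche Anmeldung:
      Benutzername:      test
      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x2520517)
      Authentifizierungspaket:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
============================
20090421160441
      Benutzername:      test
      Domäne:            LENOVO
      Anmeldekennung:            (0x0,0x252037E)
      Authentifizierungspaket:      Negotiate
"""

def parse_dump(text):
    """One dict per '====' separated record; header lines without a value are skipped."""
    events = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines and re.fullmatch(r"\d{14}", lines[0]):  # record starts with a timestamp
            ev = {"time": datetime.strptime(lines[0], "%Y%m%d%H%M%S")}
            pairs = (l.partition(":") for l in lines[1:])
            ev.update({k.strip(): v.strip() for k, _, v in pairs if v.strip()})
            events.append(ev)
    return events

def logon_bursts(events, window=timedelta(seconds=2)):  # window is an assumed threshold
    chains = {}  # (domain, user) -> list of runs of logons spaced <= window apart
    for ev in sorted(events, key=lambda e: e["time"]):
        runs = chains.setdefault((ev.get("Domäne"), ev.get("Benutzername")), [])
        if runs and ev["time"] - runs[-1][-1]["time"] <= window:
            runs[-1].append(ev)
        else:
            runs.append([ev])
    return [r for account_runs in chains.values() for r in account_runs if len(r) > 1]

def differing_fields(burst):  # only the fields whose values differ within one burst
    keys = {k for ev in burst for k in ev} - {"time"}
    return {k: [e.get(k) for e in burst] for k in keys if len({e.get(k) for e in burst}) > 1}
```

Run over the records above, the three logons form one burst in which only the logon ID (Anmeldekennung) and the authentication package differ, which matches what the question observed.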
 
Kamran Arshad (IT Associate) Commented:
0
