[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

What audit event creates the Event ID 540 in the Security Log of a DC?

Posted on 2009-05-18
3
Medium Priority
?
372 Views
Last Modified: 2012-05-07
Hi, I was wondering, what audit event creates the Event ID 540 appear in the Security Log of a DC?

Audit account logon events
OR
Audit logon events

Just wondering.

Thanks for your time.

Bob
0
Comment
Question by:rsnellman
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414512
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=540
Randy has a good entry on event 540 here, he says it better than I can :)
Thanks
Mike
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24414571
Event 540 indicates a succuessful logon to a network resource, such as a shared drive.

http://kb.monitorware.com/kbeventdb-detail-id-14.html

As they are logon type 3 (network) they are generated through 'audit logon events'
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 24414633
Description of what's logged through 'Account Logon Events' : http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Description of what's loggeg through 'Logon Events' : http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx

Each page shows a table of events each audit policy captures.


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question