Solved

What audit event creates the Event ID 540 in the Security Log of a DC?

Posted on 2009-05-18
3
368 Views
Last Modified: 2012-05-07
Hi, I was wondering, what audit event creates the Event ID 540 appear in the Security Log of a DC?

Audit account logon events
OR
Audit logon events

Just wondering.

Thanks for your time.

Bob
0
Comment
Question by:rsnellman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414512
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=540
Randy has a good entry on event 540 here, he says it better than I can :)
Thanks
Mike
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24414571
Event 540 indicates a succuessful logon to a network resource, such as a shared drive.

http://kb.monitorware.com/kbeventdb-detail-id-14.html

As they are logon type 3 (network) they are generated through 'audit logon events'
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24414633
Description of what's logged through 'Account Logon Events' : http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Description of what's loggeg through 'Logon Events' : http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx

Each page shows a table of events each audit policy captures.


0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question