Solved

What audit event creates the Event ID 540 in the Security Log of a DC?

Posted on 2009-05-18
3
364 Views
Last Modified: 2012-05-07
Hi, I was wondering, what audit event creates the Event ID 540 appear in the Security Log of a DC?

Audit account logon events
OR
Audit logon events

Just wondering.

Thanks for your time.

Bob
0
Comment
Question by:rsnellman
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24414512
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=540
Randy has a good entry on event 540 here, he says it better than I can :)
Thanks
Mike
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24414571
Event 540 indicates a succuessful logon to a network resource, such as a shared drive.

http://kb.monitorware.com/kbeventdb-detail-id-14.html

As they are logon type 3 (network) they are generated through 'audit logon events'
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24414633
Description of what's logged through 'Account Logon Events' : http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Description of what's loggeg through 'Logon Events' : http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx

Each page shows a table of events each audit policy captures.


0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now