What audit event creates the Event ID 540 in the Security Log of a DC?

Hi, I was wondering, what audit event creates the Event ID 540 appear in the Security Log of a DC?

Audit account logon events
OR
Audit logon events

Just wondering.

Thanks for your time.

Bob
rsnellmanIT ManagerAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
bluntTonyConnect With a Mentor Commented:
Description of what's logged through 'Account Logon Events' : http://technet.microsoft.com/en-us/library/cc787176(WS.10).aspx

Description of what's loggeg through 'Logon Events' : http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx

Each page shows a table of events each audit policy captures.


0
 
Mike KlineCommented:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=540
Randy has a good entry on event 540 here, he says it better than I can :)
Thanks
Mike
0
 
bluntTonyCommented:
Event 540 indicates a succuessful logon to a network resource, such as a shared drive.

http://kb.monitorware.com/kbeventdb-detail-id-14.html

As they are logon type 3 (network) they are generated through 'audit logon events'
0
All Courses

From novice to tech pro — start learning today.