
Security log details.....Logon

Here is a message I have in Event Viewer under the Security tab, under logon 4625.

Can someone tell me exactly, in detail, what I am looking at? I am assuming that the administrator tried to log in remotely to a computer system.

But the system that is showing up: is that the system they were trying to log into, or was that the system they were on?



An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            administrator
      Account Domain:            localhost

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc000006a

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      Default
      Source Network Address:      192.168.1.29
      Source Port:            49444

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0


Network Information:
      Workstation Name:      Default
      Source Network Address:      192.168.1.29
      Source Port:            49444

This shows that the logon attempt came from 192.168.1.29.

Author

Commented:
Where it states computer name, is this the computer they attempted it from, or is this the computer they were trying to get into?
This would be the computer that the attempt came from as it states source address and port.
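
As an added example (not part of the original thread), the following Python sketch parses the text of the 4625 event quoted in the question and decodes the fields discussed above: the logon type, the failure sub status, and the Network Information block that identifies where the attempt came from. The function names and the embedded sample are constructed for illustration; the status table covers only a few well-known NTSTATUS codes.

```python
import re

# Constructed sample: selected fields of the 4625 event quoted in the question.
SAMPLE_4625 = """\
An account failed to log on.
Logon Type:                  3
Account For Which Logon Failed:
      Account Name:            administrator
      Account Domain:            localhost
Failure Information:
      Status:                  0xc000006d
      Sub Status:            0xc000006a
Network Information:
      Workstation Name:      Default
      Source Network Address:      192.168.1.29
      Source Port:            49444
"""

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               8: "NetworkCleartext", 10: "RemoteInteractive", 11: "CachedInteractive"}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE (bad user name or password)",
            0xC000006A: "STATUS_WRONG_PASSWORD (account exists, password wrong)",
            0xC0000064: "STATUS_NO_SUCH_USER (account does not exist)",
            0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
            0xC0000072: "STATUS_ACCOUNT_DISABLED"}

def parse_4625(message):
    """Return {(section, field): value}; an unindented 'Name:' line opens a section."""
    fields, section = {}, ""
    for line in message.splitlines():
        m = re.match(r"^(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = m.group(1), m.group(2).strip(), m.group(3).strip()
        if not indent and not value:
            section = key                      # e.g. "Network Information"
        else:
            fields[(section if indent else "", key)] = value
    return fields

def summarize(message):
    """Pull out who was targeted, how, why it failed, and where it came from."""
    f = parse_4625(message)
    sub = int(f[("Failure Information", "Sub Status")], 16)
    return {"target_account": f[("Account For Which Logon Failed", "Account Name")],
            "logon_type": LOGON_TYPES.get(int(f[("", "Logon Type")]), "Unknown"),
            "sub_status": NTSTATUS.get(sub, hex(sub)),
            "source_ip": f[("Network Information", "Source Network Address")],
            "source_port": int(f[("Network Information", "Source Port")])}
```

For the quoted event this reports a Network (type 3) logon for `administrator` that failed with a wrong password, originating from 192.168.1.29 port 49444.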
