Solved

Windows Security Event ID to check for Service account usage

Posted on 2016-09-13
Last Modified: 2016-09-27
Hi People,

I'm trying to find the usage of a particular DOMAIN\Service-Account in my whole AD domain.

Can anyone here please share which Security Event ID I should be looking at, monitoring or filtering on for the usage of this particular AD service account?

So far I only know Security event ID 4624.

Thanks.

Assisted Solution

by:Brad99
Brad99 earned 250 total points
ID: 41795578
Hi,

Please check, for example, this link: http://www.eventtracker.com/newsletters/following-a-users-logon-tracks-throughout-the-windows-domain/

It should help you with other conditions like "user fails authentication" -> the domain controller logs event ID 4771 or an audit failure instance of 4768, etc.

BR
Emu

Accepted Solution

by:btan
btan earned 250 total points
ID: 41795782
It may be good to reference the list of audit scopes that are likely areas of interest, to surface what that particular account is involved in besides just logon. I listed some key resources, and the link states the event ID corresponding to the trigger if it happened.
https://technet.microsoft.com/en-us/library/dn319080(v=ws.11).aspx
-Audit Logon
-Audit Logoff
-Audit Special Logon
-Audit Computer Account Management
-Audit User Account Management
-Audit Process Creation
-Audit File Share
-Audit Directory Service Access
-Audit Kernel Object
-Audit Registry
-Audit SAM
-Audit Sensitive Privilege Use
-Audit Non-Sensitive Privilege Use

Author Closing Comment

by:Senior IT System Engineer
ID: 41819010
Thanks!
0
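
An added example, not posted by any participant in the thread: filtering the event IDs named above (4624, 4768, 4771) for one account and grouping the hits by logging host and source address. It assumes the Security log has been exported as event XML wrapped in an `<Events>` root element; the account name `svc-backup`, the host names and the addresses are constructed sample values.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Event IDs named in the thread: 4624 logon, 4768 Kerberos TGT request,
# 4771 Kerberos pre-authentication failure.
WATCHED = {"4624", "4768", "4771"}

# Helper that builds constructed sample events in the exported event XML layout.
def _ev(event_id, computer, **data):
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample data: hosts, addresses and account names are made up.
SAMPLE = "<Events>" + "".join([
    _ev(4624, "APP01.example.test", TargetUserName="svc-backup", LogonType="5", IpAddress="-"),
    _ev(4624, "FS02.example.test", TargetUserName="svc-backup", LogonType="3", IpAddress="10.0.0.15"),
    _ev(4624, "FS02.example.test", TargetUserName="alice", LogonType="2", IpAddress="127.0.0.1"),
    _ev(4768, "DC01.example.test", TargetUserName="svc-backup", Status="0x0", IpAddress="::ffff:10.0.0.15"),
    _ev(4771, "DC01.example.test", TargetUserName="SVC-BACKUP", Status="0x18", IpAddress="::ffff:10.0.0.99"),
    _ev(4634, "FS02.example.test", TargetUserName="svc-backup", LogonType="3"),
]) + "</Events>"

def account_usage(xml_text, account):
    """Count (event_id, logging host, source address, detail) for one account."""
    usage = Counter()
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        if event_id not in WATCHED:
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.iterfind("e:EventData/e:Data", NS)}
        # Account names are case-insensitive in AD, so compare case-folded.
        if data.get("TargetUserName", "").casefold() != account.casefold():
            continue
        # 4624 carries LogonType; the Kerberos events carry a Status code.
        detail = data.get("LogonType") or data.get("Status", "")
        host = ev.findtext("e:System/e:Computer", namespaces=NS)
        usage[(event_id, host, data.get("IpAddress", ""), detail)] += 1
    return usage

if __name__ == "__main__":
    for key, count in sorted(account_usage(SAMPLE, "svc-backup").items()):
        print(count, *key)
```

A service account that shows up with an interactive logon type, from an unexpected source address, or with repeated 4771 failures is the kind of usage this grouping makes visible.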
