Solved

Windows Security Event ID to check for Service account usage

Posted on 2016-09-13
Last Modified: 2016-09-27
Hi People,

I'm trying to find the usage of a particular DOMAIN\Service-Account in my whole AD domain.

Can anyone here please share which Security Event ID I should be looking for, monitoring or filtering on for the usage of this particular AD service account?

So far I only know Security event ID 4624.

Thanks.
0
3 Comments
 
LVL 2

Assisted Solution

by:Brad99
Brad99 earned 1000 total points
ID: 41795578
Hi,

Please check, for example, this link: http://www.eventtracker.com/newsletters/following-a-users-logon-tracks-throughout-the-windows-domain/

It should help you with other conditions like "user fails authentication" -> the domain controller logs event ID 4771 or an audit failure instance of 4768, etc.

BR
Emu
1
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 41795782
It may be good to reference the list of audit scopes that will likely be areas of interest to surface what that particular account is involved in besides just logon. I listed some key resources, and the link states the event ID corresponding to the trigger if it happened.
https://technet.microsoft.com/en-us/library/dn319080(v=ws.11).aspx
-Audit Logon
-Audit Logoff
-Audit Special Logon
-Audit Computer Account Management
-Audit User Account Management
-Audit Process Creation
-Audit File Share
-Audit Directory Service Access
-Audit Kernel Object
-Audit Registry
-Audit SAM
-Audit Sensitive Privilege Use
-Audit Non-Sensitive Privilege Use
1
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41819010
Thanks !
0
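
Added example, not part of the original thread: a PowerShell query that searches each domain controller's Security log for the event IDs named above (4624, 4768, 4771) where TargetUserName matches the service account, then summarizes where the account was used from. The account name and look-back window are placeholders; it assumes the ActiveDirectory RSAT module, read access to the DC Security logs, and that the relevant audit subcategories are enabled.

```powershell
# Added example (not from the thread). Placeholders: $Account and $Days.
Import-Module ActiveDirectory

$Account = 'Service-Account'   # sAMAccountName only, without the DOMAIN\ prefix
$Days    = 7                   # look-back window in days
$ms      = [int64]$Days * 86400000

# 4624 = successful logon, 4768 = Kerberos TGT requested,
# 4771 = Kerberos pre-authentication failed.
# The TargetUserName comparison is an exact string match.
$xpath = "*[System[(EventID=4624 or EventID=4768 or EventID=4771) and " +
         "TimeCreated[timediff(@SystemTime) <= $ms]]] and " +
         "*[EventData[Data[@Name='TargetUserName']='$Account']]"

$hits = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -LogName Security `
                     -FilterXPath $xpath -ErrorAction Stop |
        ForEach-Object {
            # Flatten the named <Data> fields of the event into a hashtable
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                DC          = $dc.HostName
                EventId     = $_.Id
                LogonType   = $d['LogonType']        # present on 4624 only
                Source      = $d['IpAddress']
                Workstation = $d['WorkstationName']  # present on 4624 only
                Status      = $d['Status']           # result code on 4768/4771
            }
        }
    } catch {
        # Also raised when a DC simply has no matching events
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

# Which sources use the account, by event type and logon type
$hits | Group-Object EventId, Source, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Event 4624 is written on the computer being logged on to, so querying only domain controllers shows Kerberos activity (4768/4771) for the whole domain but 4624 only for logons to the DCs themselves; run the same filter against member servers to see where sessions actually land.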

Question has a verified solution.
