Solved

Windows Security Event ID to check for Service account usage

Posted on 2016-09-13
Last Modified: 2016-09-27
Hi People,

I'm trying to find the usage of a particular DOMAIN\Service-Account in my whole AD domain.

Can anyone here please share which Security Event ID I should be looking for, monitoring or filtering on for the usage of this particular AD service account?

So far I only know Security event ID 4624.

Thanks.
3 Comments
 
LVL 2

Assisted Solution

by:Brad99
Brad99 earned 1000 total points
ID: 41795578
Hi,

Please check, for example, this link: http://www.eventtracker.com/newsletters/following-a-users-logon-tracks-throughout-the-windows-domain/

It should help you with other conditions like "user fails authentication" -> the domain controller logs event ID 4771 or an audit failure instance of 4768, etc.

BR
Emu
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 41795782
It may be good to reference the list of audit scopes that will likely be areas of interest, to surface what that particular account is involved in besides just logon. I listed some key resources, and the link states the event ID corresponding to the trigger if it happened.
https://technet.microsoft.com/en-us/library/dn319080(v=ws.11).aspx
-Audit Logon
-Audit Logoff
-Audit Special Logon
-Audit Computer Account Management
-Audit User Account Management
-Audit Process Creation
-Audit File Share
-Audit Directory Service Access
-Audit Kernel Object
-Audit Registry
-Audit SAM
-Audit Sensitive Privilege Use
-Audit Non-Sensitive Privilege Use
 
LVL 9

Author Closing Comment

by:Senior IT System Engineer
ID: 41819010
Thanks !
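
One way to run the search discussed in this thread, as an added example that is not from any of the posters: it queries the Security log of every domain controller for event IDs 4624, 4768 and 4771 that name the account, then summarises where the account was seen. The account name, the 7-day window and the use of the ActiveDirectory module are assumptions.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and rights to read the Security log on each domain controller.
Import-Module ActiveDirectory

$Account  = 'Service-Account'   # placeholder: sAMAccountName without the DOMAIN\ prefix
$Days     = 7                   # assumed look-back window
$WindowMs = $Days * 24 * 60 * 60 * 1000

# 4624 = successful logon, 4768 = Kerberos TGT requested,
# 4771 = Kerberos pre-authentication failed
$XPath = "*[System[(EventID=4624 or EventID=4768 or EventID=4771) " +
         "and TimeCreated[timediff(@SystemTime) <= $WindowMs]]] " +
         "and *[EventData[Data[@Name='TargetUserName']='$Account']]"

$Results = foreach ($DC in (Get-ADDomainController -Filter *).HostName) {
    Get-WinEvent -ComputerName $DC -LogName Security -FilterXPath $XPath `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs so fields can be read by name
            $Data = @{}
            foreach ($Item in ([xml]$_.ToXml()).Event.EventData.Data) {
                $Data[$Item.Name] = $Item.'#text'
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                LoggedOn    = $_.MachineName
                EventId     = $_.Id
                LogonType   = $Data['LogonType']   # only present on 4624
                SourceIp    = $Data['IpAddress']
                Status      = $Data['Status']      # result code on 4768 / 4771
            }
        }
}

# Summarise where and how the account was used
$Results | Group-Object EventId, LoggedOn, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Events 4768 and 4771 are recorded on domain controllers, while 4624 is recorded on whichever machine the account logged on to, so the same filter can be pointed at member servers with `-ComputerName` to cover logons that never appear in a DC's log.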