Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows Security Event ID to check for Service account usage

Posted on 2016-09-13
3
Medium Priority
?
284 Views
Last Modified: 2016-09-27
Hi People,

I'm trying to find the usage of a particular DOMAIN\Service-Account usage in my whole AD domain.

Can anyone here please share which Security Event ID should I be looking / monitor or filter for the usage of this particular AD service account ?

So far I only know Security event ID 4624.

Thanks.
0
Comment
3 Comments
 
LVL 2

Assisted Solution

by:Brad99
Brad99 earned 1000 total points
ID: 41795578
Hi,

plz check for example this link http://www.eventtracker.com/newsletters/following-a-users-logon-tracks-throughout-the-windows-domain/

Should help you with other conditions like "user fails authentication" ->  the domain controllers logs event ID 4771 or an audit failure instance 4768 etc.

BR
Emu
1
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 41795782
May be good to reference the list of audit scope that will be likely area of interest to surface what that particular account will be involved in besides just logon. I listed some key resources and and the link states the event ID corresponding to the trigger if it happened.
https://technet.microsoft.com/en-us/library/dn319080(v=ws.11).aspx
-Audit Logon
-Audit Logoff
-Audit Special Logon
-Audit Computer Account Management
-Audit User Account Management
-Audit Process Creation
-Audit File Share
-Audit Directory Service Access
-Audit Kernel Object
-Audit Registry
-Audit SAM
-Audit Sensitive Privilege Use
-Audit Non-Sensitive Privilege Use
1
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41819010
Thanks !
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article on how to answer questions, earn points and become an expert.
ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question