Trying to find the user that invoked login...
Posted 6/16/2012 5:57:40 PM
Forum Newbie

Group: Forum Members
Last Login: 6/16/2012 4:09:59 PM
Posts: 1, Visits: 0
Hi, can you help us with analyzing these two records? Who is the already logged-on user using those different explicit credentials? What other interesting data could we know from these records? Thanks a lot!!!

27/03/2012     11:22:15 p.m.     Security     Success Audit     Logon/Logoff     540
NT AUTHORITY\SYSTEM    TC2    “Logon attempt using explicit credentials:
   Logged on user:   
       User Name:  TC2$
       Domain:       MMOV
       Logon ID:   (0x0, 0x3E7)
       Logon GUID: - 
User whose credentials were used:
       Target User Name:  JM_MARTINEZ
       Target Domain: TC2
       Target Logon GUID:  -

Target Server Name: localhost
Target server Info:    localhost
Caller Process ID:    3168
Source Network Address:  1.1.1.1    Fictitious IP. Is different than Win box IP
Source Port:    2459

--------------------------------------------------------------------------------

27/03/2012     11:22:15 p.m.     Security     Success Audit     Logon/Logoff     528
TC2\ JM_MARTINEZ    TC2    “Successful Logon:
       User Name:  JM_MARTINEZ
       Domain:       TC2
       Logon ID:   (0x0, 0x1BB5B564)
       Logon Type:   10
       Logon Process:   User32
       Authentication Package: Negotiate
       Workstation Name:   TC2
       Logon GUID: - 
       Caller User Name:   TC2$
       Caller Domain:   MMOV
       Caller Logon ID:   (0x0, 0x3E7)
       Caller Process ID:    3168
       Transited Services: -
       Source Network Address:  1.1.1.1    Fictitious IP. Is different than Win box IP
       Source Port:    2459

Post #1026
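
One way to line the two records up field by field, as an added example that is not part of the original post. The field values are copied from the post; the `LINKS` mapping, the function names and the result keys are assumptions made for this illustration. Logon Type 10 is RemoteInteractive (Terminal Services / Remote Desktop), and logon ID 0x3E7 is the local SYSTEM logon session.

```python
import re

# Fields copied from the two records in the post (notes and padding removed).
EXPLICIT = """User Name: TC2$
Domain: MMOV
Logon ID: (0x0, 0x3E7)
Target User Name: JM_MARTINEZ
Target Domain: TC2
Caller Process ID: 3168
Source Network Address: 1.1.1.1
Source Port: 2459"""
LOGON = """User Name: JM_MARTINEZ
Domain: TC2
Logon ID: (0x0, 0x1BB5B564)
Logon Type: 10
Caller User Name: TC2$
Caller Domain: MMOV
Caller Logon ID: (0x0, 0x3E7)
Caller Process ID: 3168
Source Network Address: 1.1.1.1
Source Port: 2459"""

# Assumed pairing: (field in explicit-credentials record, field in logon record)
LINKS = [("User Name", "Caller User Name"), ("Domain", "Caller Domain"),
         ("Logon ID", "Caller Logon ID"), ("Target User Name", "User Name"),
         ("Target Domain", "Domain"), ("Caller Process ID", "Caller Process ID"),
         ("Source Network Address", "Source Network Address"),
         ("Source Port", "Source Port")]
LOGON_TYPES = {"2": "Interactive", "3": "Network", "10": "RemoteInteractive"}
SYSTEM_LUID = 0x3E7  # well-known logon session of the local SYSTEM account

def parse_fields(text):
    """Turn 'Name: value' lines into a dict."""
    pairs = (re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", ln) for ln in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def low_part(logon_id):
    """'(0x0, 0x3E7)' -> 0x3E7 (low 32 bits of the logon session id)."""
    return int(logon_id.strip("()").split(",")[1], 16)

def correlate(explicit, logon):
    """Compare linked fields; report whether both records describe one logon."""
    diffs = [(a, b) for a, b in LINKS if explicit.get(a) != logon.get(b)]
    return {"same_logon": not diffs, "mismatches": diffs,
            "caller_is_system": low_part(logon["Caller Logon ID"]) == SYSTEM_LUID,
            "logon_type": LOGON_TYPES.get(logon.get("Logon Type"), "other"),
            "account": logon["Domain"] + "\\" + logon["User Name"],
            "session": logon["Logon ID"]}

if __name__ == "__main__":
    for key, value in correlate(parse_fields(EXPLICIT), parse_fields(LOGON)).items():
        print(f"{key}: {value}")
```

The new session ID reported under `session` is the value to search for in later events on the same machine, such as the matching logoff record.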

All times are GMT -5:00