Forum

Ultimate Windows Security Forum » Security Log » 552 - Logon attempt using explicit... » Why Enterprise Admin Rights

Why Enterprise Admin Rights Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
tnrdhdhllblly
Posted 8/30/2009 10:13:57 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 8/30/2009 10:00:19 PM
Posts: 1, Visits: 0
Why would a domain user want to use explicit rights as the enterprise domain admin to logon?  Please see example with confidential details changed.

Audit Success1/28/20096:20:24 PM552SecurityLogon/Logoff\SYSTEMCOMPUTER
Logon attempt using explicit credentials:
Logged on user:
User Name: domain user
Domain: domain
Logon ID: (******)
Logon GUID: {****}
User whose credentials were used:
Target User Name: administrator
Target Domain: DOMAIN
Target Logon GUID: {*****}

Target Server Name: (null)
Target Server Info: (null)
Caller Process ID: (null)
Source Network Address: (null)
Source Port: (null)
Caller Process Name: (null)
Post #194
RandyFranklinSmith
Posted 9/1/2009 6:16:36 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 142, Visits: 0
look at who the domain user is.  most likely this is

- a legit admin following best practive of using 2 accounts (1 unprivileged, 1 privileged) and then using RunAs to open an admin program requiring his privileged account

- task scheduler starting up a logon session for a program to run under admin authority

Post #197
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 2:03am