difference between 675 and 529 event ids Expand / Collapse
Author
Message
Posted 10/4/2010 4:58:27 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 5/27/2011 5:31:05 AM
Posts: 8, Visits: 13
Hi Randy,

I've just started analyzing Windows event viewer logs (i have knowledge of unix logs but never worked on windows logs before this). I have a query for you:

what is the difference between event ids 675 and 529? I understand both are used to indicate that login / authentication failed for given user, but am not able to decide which event id to focus on.

Thanks,

Mohit Vohra.

Post #489
Posted 11/4/2010 6:28:00 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
That is a big subject.  You can't just choose one or the other because they mean different things and in the case of domain accounts are logged on different systems.  Explaining this takes a whole chapter in my book.  This free webinar Security Log Exposed: What is the Difference Between “Account Logon” and “Logon/Logoff” Events? also helps. 
Post #516
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 2:34pm