Same Subject Account Name and Account whose... Expand / Collapse
Author
Message
Posted 12/16/2016 5:54:47 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/19/2018 9:59:54 PM
Posts: 3, Visits: 5
Since 4648 tracks those events in which accounts use explicit credentials, how is it that both subject account name and account whose credentials were used are same? I have an entry like this where the process name has PowerShell. While this may be safe entry, where is the question of explicit credentials being used?
Post #7295
Posted 12/26/2016 4:03:27 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
Can you provide an example of this event?
Post #7301
Posted 2/27/2017 4:09:54 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 3/1/2017 1:54:19 PM
Posts: 1, Visits: 3
Will this type of logon also generate a 4624?

Post #7322
Posted 3/17/2017 7:57:01 AM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
In some of the cases it does. From the encyclopedia,"Unfortunately this event is also logged in situations where it doesn't seem necessary. For instance logging on interactively to a member server (Win2008 RC1) with a domain account produces an instance of this event in addition to 2 instances of 4624."
Post #7335
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 3:22am

Upcoming Webinars
    Additional Resources