Logon Type in 672 Events Expand / Collapse
Author
Message
Posted 7/10/2011 8:54:17 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 7/10/2011 8:31:35 AM
Posts: 1, Visits: 0
Hello,

I am seeing tons of 672 events with logon type 2.  I have a couple questions assuming 672 are generated on domain controllers both when a user tries to logon to the console of a member server, and when trying to access a share from one member server/workstation to another member server.

1. Is this indicative of a user logging onto the console when i see the logon type 2 (or logon type 10 in the case of RDP access)?

2. In the case of a user accessing a share on a member server from a server/workstation that the user is already authenticated, what does the logon type refer to in this case?

Maybe my assumptions are incorrect about the workings of 672, but I am seeing what looks like thousands of console logons to my member servers!

Please advise,

Regards,

Chris

Post #766
Posted 7/11/2011 9:03:36 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
Chris,

Not sure what field you are confusing as logon type in 672 but logon type isn't provided in Account Logon (aka Authentication) events - only in logon events like 528 and 540. 

RFS

Post #767
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 6:25pm