Where does descriptive text come from at the... Expand / Collapse
Author
Message
Posted 8/13/2020 12:03:28 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 2/20/2019 12:23:28 PM
Posts: 1, Visits: 0
At the end of every Event 4624, in the General pane, there is a block of descriptive text about the event. It is identical for every 4624 event. This text doesn't have a field name and it does not appear in the Details, friendly or xml. What is it called? Where does it come from? Can it be suppressed? I am curious because when Windows events are logged to an external server, this text is included but isn't useful.
Thanks in advance for any insight.

This is the text:
This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Post #8651
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 3:31pm