General discussion

Locked

Event ID 576 Security Log

By Wanna B Expert ·
I understand what this event is and would not question it under normal circumstances. However, my question is, if I have my network unplugged from the outside world (to rule out hackers) and no one is in the building to be able to logon or logoff why would this appear in the event viewer? Could it be a process or application is utilizing the account credentials to do something? If it is then is there a way to track down what process is doing this?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Wanna B Expert In reply to Event ID 576 Security Log

Point value changed by question poster.

Collapse -

by gdh19701 In reply to Event ID 576 Security Log

It would only generate the event if you have a service that is running that requires authentication (ie., SQL). It will do this for every event that requires authentication of a user account. Drilling down into any of the event files will indicate the user, but most of the time may instead just reveal NT/System.

You will need to view the services that are running on your machine to determine the actual account that is running the particular service that will cause this event to fire. Pretty much all services running will be in the contect of the Local System, Local Service, Network Service, or an administrator account.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;264769 for more info on removing successful use of user rights.

Hope this helps

Collapse -

by Wanna B Expert In reply to Event ID 576 Security Log

thanks much

Back to Windows Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums