General discussion

  • Creator
    Topic
  • #2317450

    Event ID 576 Security Log

    Locked

    by wanna b expert ·

    I understand what this event is and would not question it under normal circumstances. However, my question is, if I have my network unplugged from the outside world (to rule out hackers) and no one is in the building to be able to logon or logoff why would this appear in the event viewer? Could it be a process or application is utilizing the account credentials to do something? If it is then is there a way to track down what process is doing this?

All Comments

  • Author
    Replies
    • #3379974

      Reply To: Event ID 576 Security Log

      by wanna b expert ·

      In reply to Event ID 576 Security Log

      Point value changed by question poster.

    • #3379972

      Reply To: Event ID 576 Security Log

      by gdh19701 ·

      In reply to Event ID 576 Security Log

      It would only generate the event if you have a service that is running that requires authentication (ie., SQL). It will do this for every event that requires authentication of a user account. Drilling down into any of the event files will indicate the user, but most of the time may instead just reveal NT/System.

      You will need to view the services that are running on your machine to determine the actual account that is running the particular service that will cause this event to fire. Pretty much all services running will be in the contect of the Local System, Local Service, Network Service, or an administrator account.

      See http://support.microsoft.com/default.aspx?scid=kb;en-us;264769 for more info on removing successful use of user rights.

      Hope this helps

    • #3379792

      Reply To: Event ID 576 Security Log

      by wanna b expert ·

      In reply to Event ID 576 Security Log

      thanks much

Viewing 2 reply threads