Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

Event ID 576 Security Log

Locked

I understand what this event is and would not question it under normal circumstances. However, my question is, if I have my network unplugged from the outside world (to rule out hackers) and no one is in the building to be able to logon or logoff why would this appear in the event viewer? Could it be a process or application is utilizing the account credentials to do something? If it is then is there a way to track down what process is doing this?

Topic

Reply To: Event ID 576 Security Log

In reply to Event ID 576 Security Log

Point value changed by question poster.

Reply To: Event ID 576 Security Log

In reply to Event ID 576 Security Log

It would only generate the event if you have a service that is running that requires authentication (ie., SQL). It will do this for every event that requires authentication of a user account. Drilling down into any of the event files will indicate the user, but most of the time may instead just reveal NT/System.

You will need to view the services that are running on your machine to determine the actual account that is running the particular service that will cause this event to fire. Pretty much all services running will be in the contect of the Local System, Local Service, Network Service, or an administrator account.

See http://support.microsoft.com/default.aspx?scid=kb;en-us;264769 for more info on removing successful use of user rights.

Hope this helps

Reply To: Event ID 576 Security Log

In reply to Event ID 576 Security Log

thanks much

[Author]

Replies