What are different logon types?
Logon Types
Logon Number | Logon Type |
---|---|
0 | Used only by the System account |
2 | Interactive: Used to log on at the local console |
3 | Network: Used to access a Windows resource (e.g., shared folder) from a system on the network |
4 | Batch Job: Used to run a scheduled task as a specified account |
What is network logon type?
3: Network logon—This logon occurs when you access remote file shares or printers. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type 8).
What is Windows event4624?
Event ID 4624 (viewed in Windows Event Viewer) documents every successful attempt at logging on to a local computer. This event is generated on the computer that was accessed, in other words, where the logon session was created. A related event, Event ID 4625, documents failed logon attempts.
What is logon type 4?
Logon type 4: Batch. Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. This event type appears when a scheduled task is about to be started.
Is WinRM an interactive logon?
Interactive – typical logon when logging onto the local console or through RDP.
Why is PowerShell remoting so powerful?
PowerShell Remoting holds a ton of potential for incident response. The ability to query large numbers of hosts quickly, using a powerful and flexible scripting language, and doing so in a way that protects privileged accounts is very compelling. And all of this without the need to install agents!
What is a logon type 4 event?
Logon type 4 events are usually just innocent scheduled task startups, but a malicious user could try to subvert security by trying to guess the password of an account through scheduled tasks. Such attempts would generate a logon failure event where the logon type is 4. But logon failures
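The logon type 4 failure check described above, as an added example that is not part of the original page: it parses constructed 4624/4625 events in the Windows event XML layout and reports accounts with repeated failed batch logons. The account names, the threshold of 3 and the `<Events>` wrapper element are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": NS_URI}
# Logon types described on this page (8 is the IIS basic-authentication case).
LOGON_TYPES = {0: "System", 2: "Interactive", 3: "Network", 4: "Batch",
               8: "NetworkCleartext", 9: "NewCredentials"}

def _ev(eid, user, ltype):
    """Build one constructed event in the Windows event XML layout."""
    return (f'<Event xmlns="{NS_URI}"><System><EventID>{eid}</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="LogonType">{ltype}</Data></EventData></Event>')

# Constructed sample: normal logons plus repeated type 4 failures for svc_backup.
SAMPLE = "<Events>" + "".join(_ev(*r) for r in [
    (4624, "alice", 2), (4624, "alice", 3), (4624, "svc_backup", 4),
    (4625, "svc_backup", 4), (4625, "svc_backup", 4), (4625, "svc_backup", 4),
    (4625, "bob", 3), (4624, "carol", 9)]) + "</Events>"

def parse_events(xml_text):
    """Return (event_id, logon_type, user) for every 4624/4625 record."""
    out = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        eid = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        data = {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)}
        # Skip other event IDs and records without a logon type field.
        if eid not in (4624, 4625) or "LogonType" not in data:
            continue
        out.append((eid, int(data["LogonType"]), data.get("TargetUserName", "")))
    return out

def summarize(events):
    """Count events per (outcome, logon type name)."""
    return Counter(("success" if eid == 4624 else "failure",
                    LOGON_TYPES.get(lt, f"type {lt}")) for eid, lt, _ in events)

def failed_batch_logons(events, threshold=3):
    """Accounts with at least `threshold` failed (4625) batch (type 4) logons."""
    hits = Counter(user for eid, lt, user in events if eid == 4625 and lt == 4)
    return {user: n for user, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for key, n in sorted(summarize(events).items()):
        print(key, n)
    print("review:", failed_batch_logons(events))
```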
What is Type 3 network logon?
Logon Type 3 – Network. Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well, such as most logons to IIS.
What does logon type = 2 mean?
A user logged on to this computer. An event with logon type = 2 occurs whenever a user logs on (or attempts to log on) to a computer locally, e.g. by typing a user name and password at the Windows logon prompt. Events with logon type = 2 occur when a user logs on with a local or a domain account.
What is NewCredentials in logon type 9?
Logon type 9: NewCredentials. A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. This event occurs when using the RunAs command with the /netonly option.