Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > security log resource center > encyclopedia > event 528

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

528

Title

Successful Logon
Type: Example: Randy's Comments:
Success

OS:

All versions

Category:

Logon/Logoff

Successful Logon:
User Name:administrator
Domain:ELM
Logon ID:(0x0,0x558DD)
Logon Type:2
Logon Process:User32
Authentication Package:Negotiate
Workstation Name:W2MS

Windows XP and Windows Server 2003 add:

Logon GUID:{d39697e4-34a9-b3e0-f30a-d2ba517eb4a2}

Windows Server 2003 adds these fields:

Caller User Name:-
Caller Domain:-
Caller Logon ID:-
Caller Process ID: -
Transited Services: -
Source Network Address:10.42.42.170
Source Port:3165

Event 528 is logged whenver an account logs on to the local computer, except for in the event of network logons (see event 540). Event 528 is logged whether the account used for logon is a local SAM account or a domain account.

For an explanation of the Logon Type field, see Logon Types.For an explanation of the Logon Process field, see event 515. For an explanation of the Authentication Package field, see event 514.

Logon GUID is not documented. It is unclear what purpose the Caller User Name, Caller Process ID, and Transited Services fields serve.

Source Network Address corresponds to the IP address of the Workstation Name. Source Port is the TCP port of the workstation and has dubious value.

Next:

Get all the tools you need in one newsletter!
Free log parser scripts, clear explanations of Microsoft's latest security bulletins, and more. View a sample issue.
Email Address:
Your email address will not be shared. You may unsubscribe at any time.


Upcoming Webinars by Randy Franklin Smith

Beyond Single Event Analysis: Analyzing Multiple Events to Reduce False Positives and Gain Deeper Insight into the Security Log

Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly

How to Secure Web Based Applications with 2-Factor Authentication

Eliminating Admin Rights on Workstations and Laptops: Avoiding the Pitfalls and Making it Work in the Real World


Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit

Sick of LimitLogin? Get UserLock for real logon control


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map