Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > security log resource center > encyclopedia > event 552

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

552

Title

Logon attempt using explicit credentials
Type: Example: Randy's Comments:
Success

OS:

Windows 2003

Category:

Logon/Logoff

Logon attempt using explicit credentials:
Logged on user:
User Name: MTG1$
Domain: MTG
Logon ID: (0x0,0x3E7)
Logon GUID: -
User whose credentials were used:
Target User Name: bozo
Target Domain: MTG
Target Logon GUID: {8e3681a4-23bd-54ef-89bb-20b3b12e3512}

Target Server Name: localhost
Target Server Info: localhost
Caller Process ID: 960
Source Network Address: -
Source Port: -

Event 552 is logged when a process logs on as a different account such as when the Scheduled Tasks service starts a task as the specified user. Logged on user: specifies the original user account.

User whose credentials were userd: specifies the new user account. Caller process ID: the process that performed this action. Look for a prior event 592 with the same process id. Target Server Name and Info have always been observed as "local host" and source network address and port as empty.

Next:

Get all the tools you need in one newsletter!
Free log parser scripts, clear explanations of Microsoft's latest security bulletins, and more. View a sample issue.
Email Address:
Your email address will not be shared. You may unsubscribe at any time.


Upcoming Webinars by Randy Franklin Smith

How to Secure Web Based Applications with 2-Factor Authentication

Eliminating Admin Rights on Workstations and Laptops: Avoiding the Pitfalls and Making it Work in the Real World

Beyond Single Event Analysis: Analyzing Multiple Events to Reduce False Positives and Gain Deeper Insight into the Security Log

Auditing File Access with the Windows Server 2008 Security Log: The Good, Bad and Ugly


Additional Links

A
D
V

Sick of LimitLogin? Get UserLock for real logon control

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map