Windows Security Log Event ID 515

Operating Systems Windows Server 2000
Windows 2003 and XP
CategorySystem
Type Success
Corresponding events
in Windows 2008
and Vista
4611  
Discussions on Event ID 515
event id 515 dcomscm
515 as noise?

515: A trusted logon process has registered with the Local Security Authority

On this page

An occurrence of event 515 is logged at startup and occasionally afterwards for each logon process on the system.

A logon process is a trusted part of the operating system and handles the overall logon function for different logon methods including incoming RAS connections, RunAs, interactive logons initiated by CtrlAltDel, and network logons (as in drive mappings).

Because logon processes are such trusted functions, a rogue logon process would be a devastating security breach--but an improbable one, given the effort and skill required.

Standard logon process for Windows Server 2003: 

  • KSecDD
  • RASMAN
  • Secondary Logon Service
  • LAN Manager Workstation Service
  • CHAP
  • DCOMSCM
  • Winlogon
  • Winlogon\MSGina

Free Security Log Resources by Randy

Description Fields in 515

  • Logon Process Name: name of the logon process

Supercharger Free Edition

 

Your entire Windows Event Collection environment on a single pane of glass.

Free.

 

Examples of 515

A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.
 
 Logon Process Name: Schannel

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources