SQL Server Audit Log Event ID 24144

SourceSQL Server (LOGbinder SQL)
Action GroupSERVER_PRINCIPAL_IMPERSONATION_GROUP
Windows Security Log
Category
 • Subcategory
Object Access
 • Application Generated
Type Success
Discussions on Event ID 24144
Ask a question about this event

24144: Issued an impersonate within server scope command (action_id IMP class_type LOGIN)

This is an event from SQL Server audit event from LOGbinder SQL generated by Action Group  SERVER_PRINCIPAL_IMPERSONATION_GROUP.

On this page

A command to switch the execution context of the session to the specified server login was issued

Free Security Log Resources by Randy

Description Fields in 24144

FieldDescription
OccurredWhen event was reported by SQL Server
Authorization resultIf the command passed authorization checks
Session IDID of the session on which the event occurred
User
Server
Original context
 LoginOriginal context login
Target context
 IDTarget context ID
 LoginTarget context login
StatementTransact-SQL statement

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Examples of 24144

Issued an impersonate within server scope command
A command to switch the execution context of the session to the specified server login was issued
Action Group: SERVER_PRINCIPAL_IMPERSONATION_GROUP
Occurred: 8/22/2013 6:07:52.0000000 PM
Authorization result: Access allowed
Session ID: 67
User: LB\Administrator
Server: DEV3
Original Context
  Login: LB\Administrator
Target Context
  ID: 274
  Login: TestLogin3
Statement: ALTER AUTHORIZATION ON DATABASE::[TestDatabase] TO [TestLogin3]

For more information, see http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=24144

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources