Windows Security Log Event ID 515
Operating Systems |
Windows Server 2000
Windows 2003 and XP
|
Category | System |
Type
|
Success
|
Corresponding events
in Windows
2008 and Vista |
4611
|
515: A trusted logon process has registered with the Local Security Authority
On this page
An occurrence of event 515 is logged at startup and occasionally afterwards for each logon process on the system.
A logon process is a trusted part of the operating system and handles the overall logon function for different logon methods including incoming RAS connections, RunAs, interactive logons initiated by CtrlAltDel, and network logons (as in drive mappings).
Because logon processes are such trusted functions, a rogue logon process would be a devastating security breach--but an improbable one, given the effort and skill required.
Standard logon process for Windows Server 2003:
- KSecDD
- RASMAN
- Secondary Logon Service
- LAN Manager Workstation Service
- CHAP
- DCOMSCM
- Winlogon
- Winlogon\MSGina
Free Security Log Resources by Randy
- Logon Process Name: name of the logon process
Setup PowerShell Audit Log Forwarding in 4 Minutes