EVENT LOG SECURITY

  • Question

  • CAN SOMEONE PLEASE TELL ME IF THIS IS SOMEONE GETTING ONTO MY COMPUTER OR IF IT IS JUST PART OF SOME KIND OF INTERNAL PROGRAMMING?

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          6/9/2019 3:48:46 AM
    Event ID:      4672
    Task Category: Special Logon
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      1VHC1BIABU4RV
    Description:
    Special privileges assigned to new logon.
    Subject:
     Security ID:  SYSTEM
     Account Name:  SYSTEM
     Account Domain:  NT AUTHORITY
     Logon ID:  0x3E7

    Privileges:  SeAssignPrimaryTokenPrivilege
       SeTcbPrivilege
       SeSecurityPrivilege
       SeTakeOwnershipPrivilege
       SeLoadDriverPrivilege
       SeBackupPrivilege
       SeRestorePrivilege
       SeDebugPrivilege
       SeAuditPrivilege
       SeSystemEnvironmentPrivilege
       SeImpersonatePrivilege
       SeDelegateSessionUserImpersonatePrivilege
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4672</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12548</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2019-06-09T10:48:46.683537700Z" />
        <EventRecordID>589</EventRecordID>
        <Correlation ActivityID="{261707A2-1EAC-0001-C207-1726AC1ED501}" />
        <Execution ProcessID="972" ThreadID="12848" />
        <Channel>Security</Channel>
        <Computer>1VHC1BIABU4RV</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-5-18</Data>
        <Data Name="SubjectUserName">SYSTEM</Data>
        <Data Name="SubjectDomainName">NT AUTHORITY</Data>
        <Data Name="SubjectLogonId">0x3e7</Data>
        <Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
       SeTcbPrivilege
       SeSecurityPrivilege
       SeTakeOwnershipPrivilege
       SeLoadDriverPrivilege
       SeBackupPrivilege
       SeRestorePrivilege
       SeDebugPrivilege
       SeAuditPrivilege
       SeSystemEnvironmentPrivilege
       SeImpersonatePrivilege
       SeDelegateSessionUserImpersonatePrivilege</Data>
      </EventData>

    AND WHY HAS MY 'FORWARDED EVENTS' BEEN DISABLED?


    • Edited by MAYBERRY1 Sunday, June 9, 2019 1:20 PM
    Sunday, June 9, 2019 1:19 PM