Event submitted by Event Log Doctor
Event ID:
4624
Source:
Security
Category:
Logon/Logoff

Message:
An account was successfully logged on.

Subject:
Security ID: NT AUTHORITY\SYSTEM
Account Name: WORKSTATION123$
Account Domain: CORPDOMAIN
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: CORPDOMAIN\john.doe
Account Name: john.doe
Account Domain: CORPDOMAIN
Logon ID: 0xf3e668
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x314
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: WORKSTATION123
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0







Solution by Event Log Doctor

2013-02-11 15:32:24 UTC

This event is logged on Vista and later machines when a user successfully logs on to Windows. The event is logged on the machine which is being accessed.

The logon type indicates how the user logged on:

2: Interactive (physical logon)
3: Network
4: Batch (scheduled task executed under this user)
5: Service (service runs under this user)
7: Unlock (workstation/server was unlocked)
8: NetworkClearText (usually used with IIS)
9: NewCredentials (allows cloning of token)
10: RemoteInteractive (RDP, terminal services, remote assistance logons)
11: CachedInteractive (logons when domain is unavailable, e.g. from laptops)
12: CachedRemoteInteractive
13: CachedUnlock

The "Source Network Address" shows the IP address from which the logon originated, usually 127.0.0.1 when the logon was a logon type 2. For remote desktop sessions, this will show the IP address of the remote host from which the RDP connection is coming.



User Information
 
Only an Email address is required for returning users.

Hide Name

Solution

Additional Links