logon and account logon audit events

djc

Jun 16, 2004
Archived from groups: microsoft.public.win2000.security

I just had a book tell me that Logon Events were users interactively logging
onto a computer or the domain (after hitting Ctrl+Alt+Del, for example) and
that Account Logon events were users connecting to remote machines for
resource usage (connecting to a shared folder, for example).

Isn't this backwards? Isn't the opposite the truth?
 
Guest

You are correct. Account logon events are recorded on the computer that
authenticates the user - domain controller for domain user and local
computer for local account. Logon events are recorded when a user accesses a
share or logs onto a domain computer. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx --
probably better source than your book.
http://www.amazon.com/exec/obidos/ASIN/0735618682/qid%3D1030669239/sr%3D11-1/ref%3Dsr%5F11%5F1/104-2211302-2359957
-- good book on Microsoft security.

 

djc


Hey Steven,
Thanks for the reply. Please see inline for clarification questions. You
also replied to a different issue I had with regard to misinformation with
this same book. I don't know why I'm still reading it.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:WIX6d.82369$wV.39078@attbi_s54...
> You are correct. Account logon events are recorded on the computer that
> authenticates the user
(ok.. yep)
> - domain controller for domain user and local
> computer for local account
(ok.. yep.. still with you).
> Logon events are recorded when a user accesses a share
(A: with you but with question; see below)
> or logs onto a domain computer
(B: this is where I need clarification: what exactly do you mean by 'logs
onto a domain computer'?).
> --- Steve

A: where would this type be logged? in the security log of the system
running the server.exe service?
B: what constitutes logging on to a domain computer in this context? opening
up a mapped drive? navigating through network neighborhood to a server
share? using a UNC path to a server share? When I read your response I feel
like I'm with you all the way until this last part really, because 'logs
onto a domain computer' sounds like a Ctrl+Alt+Del interactive login to me.

I know, I'm hard headed... but I appreciated your help. I will read the
links you provided as well. Thanks.

 
Guest

Assuming that the necessary events are enabled for auditing, when you log on
to a domain computer as a domain user, an "account logon" event is recorded
in the security log on the domain controller that authenticated you and a
"logon" event is recorded in the security log of the domain computer you
logged onto.

If you map a share, or use Network Places to access a share on a domain
computer, a "logon" event is recorded in the security log of the domain
computer itself. Few people seem to understand this correctly. --- Steve


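The distinction discussed in this thread, as an added example that is not part of any post: a small correlator over constructed Security log records that shows which machine holds each audit category and what is missed when only domain controller logs are collected. Host names, accounts and records are made up; the event IDs are the Windows 2000-era Security log IDs for these two categories, which the thread itself does not quote.

```python
from collections import defaultdict

# Assumption: Windows 2000-era Security log event IDs (not quoted in the thread).
ACCOUNT_LOGON_IDS = {672, 673, 680}   # Kerberos AS ticket, service ticket, NTLM account used
LOGON_IDS = {528, 540}                # successful logon, successful network logon
LOGON_TYPES = {2: "interactive", 3: "network"}

# Constructed sample: (recording host, event id, logon type or None, account)
SAMPLE_EVENTS = [
    ("DC1", 672, None, "CORP\\alice"),  # DC authenticates alice's domain logon
    ("WS1", 528, 2, "CORP\\alice"),     # Ctrl+Alt+Del logon at workstation WS1
    ("DC1", 673, None, "CORP\\alice"),  # DC issues a ticket for file server FS1
    ("FS1", 540, 3, "CORP\\alice"),     # alice maps a share on FS1
    ("WS2", 680, None, "WS2\\bob"),     # local account: WS2 is its own authenticator
    ("WS2", 528, 2, "WS2\\bob"),        # and WS2 also records the logon itself
]


def classify(event_id):
    """Return the audit policy category an event ID belongs to."""
    if event_id in ACCOUNT_LOGON_IDS:
        return "account logon"
    if event_id in LOGON_IDS:
        return "logon"
    return "other"


def where_recorded(events):
    """Map (account, category) to the sorted hosts whose Security log holds it."""
    seen = defaultdict(set)
    for host, event_id, logon_type, account in events:
        category = classify(event_id)
        if category == "logon":
            category += "/" + LOGON_TYPES.get(logon_type, "type %s" % logon_type)
        seen[(account, category)].add(host)
    return {key: sorted(hosts) for key, hosts in seen.items()}


def blind_spots(events, collected_hosts):
    """Logon-category events lost when only collected_hosts' logs are gathered."""
    return [e for e in events
            if classify(e[1]) == "logon" and e[0] not in collected_hosts]


if __name__ == "__main__":
    for key, hosts in sorted(where_recorded(SAMPLE_EVENTS).items()):
        print(key, "->", hosts)
    print("missed with DC-only collection:", blind_spots(SAMPLE_EVENTS, {"DC1"}))
```

With only `DC1` collected, every logon-category record (the workstation logons and the share access on `FS1`) is absent, which is why member servers and workstations need their own Security logs gathered.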