Logon Operations
Bu olay kategorisi içinde ajanlar üzerinden Windows sistemlere yapılmış tüm oturum işlemleri yer almaktadır. her bir alt kategori ayrı ayrı seçilebilir.
Successful Logon
1
Logon Operations
Top Level Category Name.
2
Successful Logon
Second Level Category Name.
3
SamAccountName: DOMAIN/UserName
SamAccountName of the logged on user.
4
LogonType: Remote
Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5
ComputerName: DOMAIN/ServerName
The name of the computer the user is logged on to.
6
IpAddress: 192.168.1.10
The IP address of the computer the user is logged on to.
7
ScopeId: 2000
The scope id of Successful Logon operation. a. 1000 for Interactive b. 2000 for Remote
8
ES-520
Troubleshooting reference code of this type of event.
Logoff
1
Logon Operations
Top Level Category Name
2
Logoff
Second Level Category Name
3
SamAccountName: DOMAIN/UserName
SamAccountName of the logged off user.
4
LogonType: Remote
Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5
ComputerName: DOMAIN/ServerName
The name of the computer the user is logged off to.
6
IpAddress: 192.168.1.10
The IP address of the computer the user is logged off to.
7
ScopeId: 2003
The scope id of Logoff operation a. 1003 for Interactive b. 2003 for Remote
8
ES-423
Troubleshooting reference code of this type of event.
Lock
1
Logon Operations
Top Level Category Name
2
Lock
Second Level Category Name
3
SamAccountName: DOMAIN/UserName
SamAccountName of the locked user.
4
LogonType: Remote
Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5
ComputerName: DOMAIN/ServerName
The name of the computer the user is locked.
6
IpAddress: 192.168.1.10
The IP address of the computer the user is locked.
7
ScopeId: 2002
The scope id of Lock operation a. 1002 for Interactive b. 2002 for Remote
8
ES-1069
Troubleshooting reference code of this type of event.
Unlock
1
Logon Operations
Top Level Category Name
2
Unlock
Second Level Category Name
3
SamAccountName: DOMAIN/UserName
SamAccountName of the unlocked user.
4
LogonType: Remote
Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5
ComputerName: DOMAIN/ServerName
The name of the computer the user is unlocked.
6
IpAddress: 192.168.1.10
The IP address of the computer the user is unlocked.
7
ScopeId: 2001
The scope id of Unlock operation a. 1001 for Interactive b. 2001 for Remote
8
ES-423
Troubleshooting reference code of this type of event.
Last updated