cmay
Guest
I have a domain controller running Windows 2008 R2 (computer name is hyperv, domain name is cdm.local).
This machine/network is only used by 3 people at the most.
Every couple seconds my Security log shows:
4672 Special Logon
4624 Logon
4634 Logoff
I've read that I can turn off this logging, but is this normal?
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/23/2010 9:53:47 AM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: HyperV.cdm.local
Description:
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: HYPERV$
Account Domain: CDM
Logon ID: 0x4403fd
Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2010-07-23T14:53:47.568593200Z" />
<EventRecordID>2207502</EventRecordID>
<Correlation />
<Execution ProcessID="784" ThreadID="1576" />
<Channel>Security</Channel>
<Computer>HyperV.cdm.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">HYPERV$</Data>
<Data Name="SubjectDomainName">CDM</Data>
<Data Name="SubjectLogonId">0x4403fd</Data>
<Data Name="PrivilegeList">SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege
SeEnableDelegationPrivilege</Data>
</EventData>
</Event>
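An added example, not part of the original post: a Python sketch that parses 4672 records in the layout shown above and separates special logons by built-in service identities and machine accounts (the post's event has `SubjectUserSid` S-1-5-18, the well-known Local System SID, and the machine account `HYPERV$`) from those by user accounts. The function names, the second logon ID, and the `jdoe` account with its SID are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Well-known SIDs: Local System, Local Service, Network Service
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

def event_xml(sid, user, domain, logon_id, privs):
    """Build a constructed 4672 record laid out like the event in the post."""
    fields = {"SubjectUserSid": sid, "SubjectUserName": user, "SubjectDomainName": domain,
              "SubjectLogonId": logon_id, "PrivilegeList": privs}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4672</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

def parse_4672(xml_text):
    """Return the EventData fields of a 4672 event, or None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4672":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    # PrivilegeList is separated by newlines and tabs, as in the post's XML
    data["PrivilegeList"] = data.get("PrivilegeList", "").split()
    return data

def triage(events):
    """Count special logons per account; list those not from a service SID or machine account."""
    counts, review = Counter(), []
    for xml_text in events:
        ev = parse_4672(xml_text)
        if ev is None:
            continue
        account = f'{ev["SubjectDomainName"]}\\{ev["SubjectUserName"]}'
        counts[account] += 1
        is_machine = ev["SubjectUserName"].endswith("$")  # machine accounts end in "$"
        if ev["SubjectUserSid"] not in SERVICE_SIDS and not is_machine:
            review.append((account, ev["SubjectLogonId"], ev["PrivilegeList"]))
    return counts, review

# Constructed sample: two records mirroring the post's event, one invented user logon
SAMPLE = [
    event_xml("S-1-5-18", "HYPERV$", "CDM", "0x4403fd", "SeSecurityPrivilege\n\t\t\tSeDebugPrivilege"),
    event_xml("S-1-5-18", "HYPERV$", "CDM", "0x4403fe", "SeSecurityPrivilege\n\t\t\tSeDebugPrivilege"),
    event_xml("S-1-5-21-1111111111-2222222222-3333333333-1105", "jdoe", "CDM",
              "0x51a2c0", "SeDebugPrivilege"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feeding it the XML of exported Security log records shows which accounts generate the volume and leaves only the user-account special logons for manual review.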