כחלק מהבדיקות הרבות שאני מבצע , אני מתיחחס גם לEVENT LOGS בתחנה וב DC לגבי אירועי LOGON\OFF
אך מתקשה לזכור את ה EVENT ID הרלוונטיים.
אז הנה רשימה קצרה לתזכורת (xp 2000):
לרשימה המלאה:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx
528 - Successful Logon
529 - Logon Failure - Unknown user name or bad password
530 - Logon Failure - Account logon time restriction violation
531 - Logon Failure - Account currently disabled
533 - Logon Failure - User not allowed to logon at this computer
534 - Logon Failure - The user has not been granted the requested logon type at this machine
534 - Logon Failure - The user has not been granted the requested logon type at this machine
535 - Logon Failure - The specified account's password has expired
536 - Logon Failure - The NetLogon component is not active
537 - Logon failure - The logon attempt failed for other reasons
538 - User Logoff
539 - Logon Failure - Account locked out
551 - User initiated logoff
552 - Logon attempt using explicit credentials
682 - Session reconnected to winstation
683 - Session disconnected from winstation
