Question
Thursday, April 30, 2015 11:42 AM
Hello
I have event 4624 in Security logs:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 25.03.2015 16:09:07
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: Test-serv.mydomain.local
Description:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: Test-serv$
Account Domain: MYDOMAIN.LOCAL
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2ac
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I think that it's just an info log about the start of some service, but I don't understand what kind of service.
What is the Logon Process "Advapi" (in Detailed Authentication Information)? I can't find info about it. Thanks.
All replies (1)
Friday, May 1, 2015 8:24 AM ✅Answered
Hi HunteR,
Based on my research, Advapi32.dll is an advanced Windows 32 base API DLL file; it is an API services library that supports security and registry calls.
Here are some related articles below for you:
Unknown username or bad password - InetInfo.exe – ADVAPI
How RPC Works
https://technet.microsoft.com/en-us/library/cc738291%28WS.10%29.aspx?f=255&MSPPError=-2147217396
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].
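An added example, not part of the thread: a Python parser for the event text posted in the question that checks whether a 4624 record matches the pattern of the Service Control Manager (services.exe) starting a service (Logon Type 5, logon process Advapi, subject session 0x3e7) and reports the account the service runs as. The sample text is constructed from the question's event, and the function names and deviation checks are assumptions of this example.

```python
# Logon type values documented for event 4624.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
SECTIONS = {"Subject", "New Logon", "Process Information",
            "Network Information", "Detailed Authentication Information"}

# Constructed sample: the description posted in the question, trimmed.
SAMPLE = """\
Subject:
Account Name: Test-serv$
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Process Information:
Process Name: C:\\Windows\\System32\\services.exe
Detailed Authentication Information:
Logon Process: Advapi
"""

def parse_4624(text):
    """Flatten the description into {'Section/Field': value}."""
    fields, section = {}, ""
    for raw in text.splitlines():
        key, sep, value = (part.strip() for part in raw.partition(":"))
        if sep and key in SECTIONS and not value:
            section = key                      # heading line such as "Subject:"
        elif key == "Logon Type" and value:
            fields[key] = int(value)           # printed between sections
        elif sep:
            fields[f"{section}/{key}"] = value
    return fields

def triage(fields):
    """Return (logon type, run-as account, deviations from a routine service start)."""
    get = lambda k: fields.get(k, "")
    notes = []
    if fields.get("Logon Type") != 5:
        notes.append("not a service logon")
    if get("Process Information/Process Name").lower().rsplit("\\", 1)[-1] != "services.exe":
        notes.append("caller is not services.exe")
    if get("Detailed Authentication Information/Logon Process").lower() != "advapi":
        notes.append("logon process is not Advapi")
    if int(get("Subject/Logon ID") or "0", 16) != 0x3E7:
        notes.append("subject is not the SYSTEM logon session")
    account = get("New Logon/Account Domain") + "\\" + get("New Logon/Account Name")
    return LOGON_TYPES.get(fields.get("Logon Type"), "Unknown"), account, notes
```

For the event in the question, `triage(parse_4624(SAMPLE))` reports a Service logon for `NT AUTHORITY\SYSTEM` with no deviations; the 4624 record itself names the account, not the service.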