Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, July 6, 2016 3:20 PM
Hello!
I am looking through the security logs on my Windows 10 computer and came across something strange. The event details are as follows:
Security ID: NULL SID
Account Name: -
Account Domain -
Logon ID: 0x0
Logon Type: 0
Restricted Admin Mode -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: -
This kind of worries me as my IDS picked up a port scan looking from nmap on linux.
Could this indicate a breach?
Thanks in advance.
All replies (1)
Thursday, July 7, 2016 9:49 AM âś…Answered
Hi e.xpect,
SID's are used by the security system to identify accounts. So that means any account outside the security subsystem wouldn't have need of a SID when working with local resources. I suppose that Local SYSTEM accounts are outside the security subsystem.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx
Also please check the link below about Group Policy under Security Options.
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope it will be helpful to you
Please mark the reply as an answer if you find it is helpful.
If you have feedback for TechNet Support, contact [email protected]