does this mean I was hacked?
Here is another good post on this topic which explains it a bit more than I did :)
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8bf6a0aa-2069-4bf0-abdd-f7fb84e07aaeBrandon Wilson - Premier Field Engineer (Platforms)
February 7th, 2012 6:18pm
No, this is the SYSTEM account logging on...not an issue, its normal
Brandon Wilson - Premier Field Engineer (Platforms)
Free Windows Admin Tool Kit Click here and download it now
February 9th, 2012 10:10am
Here is another good post on this topic which explains it a bit more than I did :)
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8bf6a0aa-2069-4bf0-abdd-f7fb84e07aaeBrandon Wilson - Premier Field Engineer (Platforms)
February 9th, 2012 10:11am
-
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/6/2012 4:41:42 PM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: fritz
Description:
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2012-02-06T21:41:42.613000000Z" />
<EventRecordID>674</EventRecordID>
<Correlation />
<Execution ProcessID="572" ThreadID="624" />
<Channel>Security</Channel>
<Computer>fritz</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>
Free Windows Admin Tool Kit Click here and download it now
February 9th, 2012 5:09pm
This topic is archived. No further replies will be accepted.
Other recent topics
