If you pay attention to the security log of the Windows system, you will find in the event description that the "login type" is not all the same, in addition to the interactive login on the keyboard (login type 1) Are there other types?
Yes, in order for Windows to get more valuable information from the logs, it breaks down a variety of login types so that you can distinguish whether the logged in user is logged in locally or from the network, and More other ways to log in. Knowing these login methods will help you to find suspicious hacks from the event log and be able to determine how they are attacking. Let's take a closer look at the login type of Windows.
Login Type 2: Interactive Login (Interactive)
This should be your first login method. The so-called interactive login means the user is on the computer. The login on the console, which is the login on the local keyboard, but don't forget that logging in via KVM is still an interactive login, although it is web-based.
Login Type 3: Network
When you access a computer from the network, in most cases Windows is type 3, the most common The situation is when connecting to a shared folder or sharing a printer. In most cases, logging in to IIS over the network is also noted as this type, but the basic authentication method for IIS login is an exception, it will be recorded as type 8, as described below.
Login Type 4: Batch (Batch)
When Windows runs a scheduled task, “ Scheduled Task Service will create a new one for this task first. Login session so that it can run under the user account configured by this scheduled task. When this login occurs, Windows is recorded as type 4 in the log. For other types of work task systems, depending on its design, it can also A type 4 login event is generated at the beginning of the work. A type 4 login usually indicates that a scheduled task is started, but it may also be a malicious user guessing the user's password through a scheduled task. This attempt will generate a type 4 login failure event, but This failed login may also be caused by a failure to synchronize changes to the user password of the scheduled task, such as a change in the user's password and a change in the scheduled task.
Login Type 5: Service
Similar to scheduled tasks, each service is configured to run under a specific user account, when a service Initially, Windows first creates a login session for this particular user, which will be recorded as type 5, and failure type 5 usually indicates that the user's password has changed and is not updated here, although this may also be the password of the malicious user. Guessing, but this possibility is relatively small, because creating a new service or editing an existing service requires an administrator or serversoperators by default, and a malicious user of this identity already has sufficient capabilities. To do his bad things, it is no longer necessary to guess the service password.
1, first install in DOS environment, enter DOS and go to the directory disk you want to install WIND
Now, there are more and more friends using high-speed Internet access such as ADSL, LAN and other br
Download a movie, play a game, the computer always appears to be stuck when you open a webpage. This
WinXP enters the welcome interface and then there is a white screen. Nothing is going on. What is go
Optimized Windows XP system suitable for playing games
How does the XP system completely uninstall IE browser?
Recognize the security issues of the XP system default settings
XP system open Excel table is garbled how to solve?
XP Broadband Connection Prompt Error 624 Cannot Write to the Phonebook Solution
Windows system failure quick resolution tips (2)
Thirteen rules that must be observed to maintain XP system security
Gpedit.msc prohibits the running system from being locked. Solution
Play XP system restore and skills
Solve Windows XP can't switch input method problem
System acceleration Starting from the gradual optimization of the XP system (1)
How to modify the IE cache directory under Win10 system
Win7 boot black screen file not found how to
Win8 can not display the wallpaper after changing the lock screen wallpaper.
How to open the win7 group policy
How Win10 adds notepad to the right-click menu
Windows 7 system users have a password how to automatically log in
Win8 system desktop IE10 browser can not open QQ space how to solve
WIN7 operating platform to obtain administrator rights batch
How to disable driver mandatory signature in Win10 environment?