If you pay attention to the security log of the Windows system, you will find in the event description that the "login type" is not all the same, in addition to the interactive login on the keyboard (login type 1) Are there other types?
Yes, in order for Windows to get more valuable information from the logs, it breaks down a variety of login types so that you can distinguish whether the logged in user is logged in locally or from the network, and More other ways to log in. Knowing these login methods will help you to find suspicious hacks from the event log and be able to determine how they are attacking. Let's take a closer look at the login type of Windows.
Login Type 2: Interactive Login (Interactive)
This should be your first login method. The so-called interactive login means the user is on the computer. The login on the console, which is the login on the local keyboard, but don't forget that logging in via KVM is still an interactive login, although it is web-based.
Login Type 3: Network
When you access a computer from the network, in most cases Windows is type 3, the most common The situation is when connecting to a shared folder or sharing a printer. In most cases, logging in to IIS over the network is also noted as this type, but the basic authentication method for IIS login is an exception, it will be recorded as type 8, as described below.
Login Type 4: Batch (Batch)
When Windows runs a scheduled task, “ Scheduled Task Service will create a new one for this task first. Login session so that it can run under the user account configured by this scheduled task. When this login occurs, Windows is recorded as type 4 in the log. For other types of work task systems, depending on its design, it can also A type 4 login event is generated at the beginning of the work. A type 4 login usually indicates that a scheduled task is started, but it may also be a malicious user guessing the user's password through a scheduled task. This attempt will generate a type 4 login failure event, but This failed login may also be caused by a failure to synchronize changes to the user password of the scheduled task, such as a change in the user's password and a change in the scheduled task.
Login Type 5: Service
Similar to scheduled tasks, each service is configured to run under a specific user account, when a service Initially, Windows first creates a login session for this particular user, which will be recorded as type 5, and failure type 5 usually indicates that the user's password has changed and is not updated here, although this may also be the password of the malicious user. Guessing, but this possibility is relatively small, because creating a new service or editing an existing service requires an administrator or serversoperators by default, and a malicious user of this identity already has sufficient capabilities. To do his bad things, it is no longer necessary to guess the service password.
Previous 12 Next Total 2 Pages
Lenovo Zhaoyang E49 is a calm business notebook computer, it is a classic style of Lenovo has been l
Now many users computers are using broadband connection to access the Internet, but occasionally the
We cant find the added printer on the WinXP computer control panel, printer and fax
WinXP system has a certain limit on the network speed, about 20%, if the user feels
What should I do if the chart system fails to build when WinXP plays DNF?
Computer rookie protection computer has a high trick
Anti-virus should be riddled with roots to use the registry to prevent virus resurrection.
Xp hard disk partitioning follows the 7 principles of
WinXP desktop icon flower screen color solution
Enhance the startup speed of winXP new coup to share
How to use the registry to help you find the software serial number
CUP shows the reason for the high occupancy rate of large resolution
WinXP wireless network settings method
WinXP system verification code does not show how to solve?
What should I do if the WinXP system Svchost.exe application error?
Win10 can not be installed this patch KB3132372 will bring big trouble
XP system recording function use skills
Talking about the startup mode of Windows XP
Win10 official version released 20 days, how many Chinese users have reported this new system
How does Win10 Mobile/PC use random wireless network card MAC address to prevent tracking?
Gossip: Win10 Preview 10100 for Redstone Branch
The first company in the innovation workshop was released. The main Tapas mobile phone system
How to recover the Windows 8 Store that was accidentally deleted
Use external device (optical drive) to install and update library