R
rahul1988
Hi ,
We have build a use-case to alert us when there is a interactive login from service accounts in our network . Upon checking with the concerned team they mentioned they are not physically login into any system using those accounts .The events shows logon type 2 however . Can you please assist us what possible could be reason for capturing these logins under logon type 2 .
As per you article
A user can interactively logon to a computer in one of two ways:
Continue reading...
We have build a use-case to alert us when there is a interactive login from service accounts in our network . Upon checking with the concerned team they mentioned they are not physically login into any system using those accounts .The events shows logon type 2 however . Can you please assist us what possible could be reason for capturing these logins under logon type 2 .
As per you article
A user can interactively logon to a computer in one of two ways:
Locally, when the user has direct physical access to the computer.
Remotely, through Terminal Services, in which case the logon is further qualified as remote interactive. Microsoft Terminal Server uses the CredSSP Protocol [MS-CSSP] to securely delegate the user's password or smart card PIN from the client to the server to remotely log on the user and to establish a Terminal Services session.
Continue reading...