Windows Logon type 2 captured by service accounts

R

rahul1988

Hi ,


We have build a use-case to alert us when there is a interactive login from service accounts in our network . Upon checking with the concerned team they mentioned they are not physically login into any system using those accounts .The events shows logon type 2 however . Can you please assist us what possible could be reason for capturing these logins under logon type 2 .


As per you article

A user can interactively logon to a computer in one of two ways:


  • Locally, when the user has direct physical access to the computer.


  • Remotely, through Terminal Services, in which case the logon is further qualified as remote interactive. Microsoft Terminal Server uses the CredSSP Protocol [MS-CSSP] to securely delegate the user's password or smart card PIN from the client to the server to remotely log on the user and to establish a Terminal Services session.

Continue reading...
 

Similar threads

C
Replies
0
Views
85
CMCCNEP
C
C
Replies
0
Views
166
CAPPON Benjamin
C
Y
Replies
0
Views
22
Yusuf Mehdi, Executive Vice President, Consumer
Y
Back
Top Bottom