Logon ID : hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “ 4624: An account was successfully logged on.”
MICROSOFT SYNCTOY SCHEDULED TASK FULL
Uppercase full domain name: CONTOSO.LOCALįor some well-known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.įor local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. Lowercase full domain name: contoso.local For more information about SIDs, see Security identifiers.Īccount Name : the name of the account that requested the “create scheduled task” operation.Īccount Domain : subject’s domain or computer name. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Note A security identifier (SID) is a unique value of variable length used to identify a trustee (security principal).
If the SID cannot be resolved, you will see the source data in the event. Event Viewer automatically tries to resolve SIDs and show the account name.
MICROSOFT SYNCTOY SCHEDULED TASK WINDOWS 10
Windows 10 Versions 1903 and above augments the event with these additional properties: T19:03:06.9258653 CONTOSO\\dadmin LeastPrivilege CONTOSO\\dadmin InteractiveToken IgnoreNew true true true false false true false true true false false false P3D 7 C:\\Documents\\listener.exe Note For recommendations, see Security Monitoring Recommendations for this event. This event generates every time a new scheduled task is created. Subcategory: Audit Other Object Access Events
0 kommentar(er)
