some help on Event 540
Does the event 540 help me to distinguish between user and administrator access?
This event is generated ypon successfull logon, but logon to what exactly? Could be a successful logon to everything on the system?
Is there any other way to log the administrator access to the system itself using Event viewer?
Thank you for your valuable response
Georges
June 19th, 2011 6:12pm
Hi,
As far as I know, we cannot distinguish between user and administrator access from event 540. For more information, please refer to:
Event ID: 540
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.0&EvtID=540&EvtSrc=Security&LCID=1033
Events 528 and 540
http://blogs.msdn.com/b/ericfitz/archive/2004/12/09/279282.aspx
Regards,
Bruce
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your
question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2011 1:24am