Log secret Windows login type know how much

If you look at the Windows system's security log, in those event descriptions you will notice that the "logging type" is not all the same, and that there are other types besides the interactive login on the keyboard (log type 1)?

Yes, Windows is a great way to get more valuable information from the logs, and it has a lot of logging types in order to let you log in to the local records, from the Web, and many other ways of logging. Knowing these logging methods will help you discover suspicious hackers from the event log and be able to judge the way they are attacked. Let's take a closer look at the Windows logging type.

　　 Logging Type 2: Interactive login (Interactive)

This should be your first sign of logging, called Interactive logging, which is a login on the computer's console, that is, a login on the local keyboard, but don't forget that the KVM login is still an interactive login, although it is based on a network. ".".

　　 Logging Type 3: network

When you're visiting a computer from a network, in most cases Windows Notes Type 3, and the most common scenario is when you connect to a shared folder or to a shared print machine. And most of the time it's been written in IIS, but the basic proof of IIS logging is an exception, and it will be remembered as type 8, as described below.

Logging Type 4: batching (Batch)

When Windows runs a planning task, "Planning Service" will create a new login for this task, so that it can be run by the user mega configured for this task, and when this is logged, Windows is recording type 4 in the log, and for other types of work-based tasks, the system, Depending on its design, it is also possible to generate a 4 logging event at the beginning of the work, type 4 logging usually indicates that a project task is initiated, but it may also be a malicious user to guess the user's password through the planning task, which will produce a type 4 record failure event, But this failed login may also be due to the failure of the user password of the project to synchronize changes, such as user password changes, and forget to make changes in the planning task.

　　Logging Type 5: service

As with the planning task, each service is configured to run under a specific user mega, when a service starts, Windows first creates a login for this particular user, which will be remembered as type 5, and the failure of type 5 usually indicates that the user's password has changed and has not been updated, Of course this may also be caused by the malicious user's password guessing, but this is less likely because creating a new service or editing an existing service is required to be an administrator or serversoperators identity, and this kind of identity is a malicious user, and it can be Already have enough ability to do his bad things, has not been able to use the power to guess the service password.

　　Logging Type 7: Unlocking (Unlock)

You may want to automatically start a password-protected screensaver when a user leaves his computer, and the workstation when an account is unlocked, Windows will think of this unlock operation as a Type 7 login, and the failed Type 7 record indicates that someone has entered the wrong password or someone is trying to unlock the computer, "he says.
Source: http://www.windows5.online/windows/windowsjc/windowsjq/201702/63503.html

Log secret Windows login type know how much