Event Viewer Experts please help!
TechnicalJay
Hi Guys,
I was off for the weekend and had yesterday off as it was a holiday here in Canada. I got into work today and my account was logged in. I might have forgotten to log off on Friday but I'm 99% sure I did. I have no clue about the Event Viewer but I noticed that there were logs under the security section saying
Special privileges assigned to new logon
An account was successfully logged on.
This was at almost 1 AM Aug 2!!
There are also multiple times such as 12:55am, 12:45am, 12:00am etc., all saying special logon, logoff, logon.
My account was also changed on Windows to Database admin. I have MySQL installed on my computer and the first thing I noticed when I got into work today was a CMD prompt about MySQL saying MySQL running in community mode and then something about remote connection failed. I do have remote connection turned off on this computer.
There are cleaners that come around the office when people are gone. Is this a possibility that a cleaner was messing around with my computer? I don't understand how anyone could have my password though and log off and on.
Any input would be helpful.
Thanks
Comments
gespenstern
Pay attention to the logon type. You are looking for an interactive logon, as other types of logons happen all the time without the user's explicit consent.
Interactive logon is logon type 2.
Here's more info on that:
Logon Type Codes Revealed
Look for all 4624/4634 events and surrounding events in the security log. You may also want to review the system and application logs, as they may have some useful information on profiles being created/modified, programs started, etc.
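The triage described in the comment above, as an added example that is not part of the original thread: it pairs each 4624 logon of type 2 with its 4634 logoff by `TargetLogonId`, so real console sessions stand out from routine service and network logons. It assumes the Security log was exported as XML under a root element (for instance `wevtutil qe Security /f:xml /e:Events`); the sample events, user name and the `logon_sessions` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 10: "RemoteInteractive", 11: "CachedInteractive"}

def _event(event_id, when, user, logon_id, logon_type):
    """Build one constructed event in the Security log's XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="TargetLogonId">{logon_id}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data></EventData></Event>')

# Constructed sample data (not from the thread). SystemTime is UTC in the XML,
# while Event Viewer's list view shows local time.
SAMPLE = "<Events>" + "".join([
    _event(4624, "2021-08-02T03:59:00.000Z", "SYSTEM", "0x3e7", 5),
    _event(4624, "2021-08-02T04:00:05.000Z", "jdoe", "0x1a2b", 3),
    _event(4634, "2021-08-02T04:00:06.000Z", "jdoe", "0x1a2b", 3),
    _event(4624, "2021-08-02T04:45:12.000Z", "jdoe", "0x5f00", 2),
    _event(4634, "2021-08-02T04:52:40.000Z", "jdoe", "0x5f00", 2),
    _event(4624, "2021-08-02T04:55:03.000Z", "jdoe", "0x6a10", 2),
]) + "</Events>"

def logon_sessions(xml_text, types=(2,)):
    """Pair 4624 logons of the given types with their 4634 logoff by TargetLogonId."""
    rows = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        rows.append((ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
                     int(ev.findtext("e:System/e:EventID", namespaces=NS)), data))
    sessions, still_open = [], {}
    for when, event_id, data in sorted(rows, key=lambda r: r[0]):
        logon_id = data.get("TargetLogonId")
        if event_id == 4624 and int(data.get("LogonType") or 0) in types:
            session = {"user": data.get("TargetUserName"), "logon_id": logon_id,
                       "type": LOGON_TYPES.get(int(data["LogonType"]), "Other"),
                       "logon": when, "logoff": None}
            sessions.append(session)
            still_open[logon_id] = session
        elif event_id == 4634 and logon_id in still_open:
            still_open.pop(logon_id)["logoff"] = when
    return sessions

if __name__ == "__main__":
    for s in logon_sessions(SAMPLE):
        print(s["logon"], s["logoff"] or "(no logoff recorded)", s["user"], s["type"])
```

A session with no matching 4634 is either still open or ended without a logoff event being written, so check the surrounding System log entries for that time window.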
TechnicalJay
Thank you