Event Viewer Experts please help!
TechnicalJay
Member Posts: 219 ■■■□□□□□□□
in Off-Topic
Hi Guys,
I was off for the weekend and had yesterday off as it was a Holiday here in Canada. I got into work today and my account was logged in. I might have forgot to log off on Friday but I'm 99% sure I did. I have no clue about the Event Viewer but I noticed that there were logs under the security section saying
Special privileges assigned to new logon
An account was successfully logged on.
This was at almost 1AM Aug2!!
There are also multiple times such as 12:55am, 12:45am, 12:00am etc all saying special logon, logoff, logon
My account was also changed on windows to Database admin. I have MySQL installed on my computer and the first thing I noticed when I got into work today was a CMD prompt about MySQL saying MySQL running in community mode and then something about remote connection failed. I do have remote connection turned off on this computer.
There are cleaners that come around the office when people are gone. Is this a possibility that a cleaner was messing around with my computer? I don't understand how anyone could have my password though and log off and on.
Any input would be helpful.
Thanks
I was off for the weekend and had yesterday off as it was a Holiday here in Canada. I got into work today and my account was logged in. I might have forgot to log off on Friday but I'm 99% sure I did. I have no clue about the Event Viewer but I noticed that there were logs under the security section saying
Special privileges assigned to new logon
An account was successfully logged on.
This was at almost 1AM Aug2!!
There are also multiple times such as 12:55am, 12:45am, 12:00am etc all saying special logon, logoff, logon
My account was also changed on windows to Database admin. I have MySQL installed on my computer and the first thing I noticed when I got into work today was a CMD prompt about MySQL saying MySQL running in community mode and then something about remote connection failed. I do have remote connection turned off on this computer.
There are cleaners that come around the office when people are gone. Is this a possibility that a cleaner was messing around with my computer? I don't understand how anyone could have my password though and log off and on.
Any input would be helpful.
Thanks
Comments
-
gespenstern Member Posts: 1,243 ■■■■■■■■□□Pay attention to logon type. You are looking for interactive logon as other types of logons happen all the time without explicit user's consent.
Interactive logon is logon type 2.
Here's more info on that:
Logon Type Codes Revealed
Look for all 4624/4634 events and surrounding events in security log, also may want to review system and application as they may have some useful information on profile gets created/modified, programs started, etc.