Events duplication (in event viewer) after successful logon - Microsoft Community


can please explain me why see several (looks duplicated) event in event viewer after successful logon. 

for example after reboot (win 10 workstation, no domain, no specific configuration) see in security log 2 totally identical logs event 4624, type 2

the same situation "unlock"

i want show these events in logs:

in example pc in domain, , reproducing windows unlock (logoff - logon):

first event

log name:      security
source:        microsoft-windows-security-auditing
date:          2/14/2017 1:35:30 pm
event id:      4624
task category: logon
level:         information
keywords:      audit success
user:          n/a
computer:      mpxxx.xxx.xxx.net
description:
account logged on.

subject:
security id:  system
account name:  mpxxx$
account domain: kiv
logon id:  0x3e7

logon information:
logon type:  7
restricted admin mode: -
virtual account: no
elevated token: yes

impersonation level: impersonation

new logon:
security id:  universe\mpxxx
account name:  mpxxx
account domain: universe
logon id:  0x3d5986
linked logon id: 0x3d8cf3
network account name: -
network account domain: -
logon guid:  {a97eb034-e1a9-beba-9e13-0376df13c092}

process information:
process id:  0x2cc
process name:  c:\windows\system32\lsass.exe

network information:
workstation name: mpxxx
source network address: -
source port:  -

detailed authentication information:
logon process: negotiat
authentication package: negotiate
transited services: -
package name (ntlm only): -
key length:  0

second duplicated event:

log name:      security
source:        microsoft-windows-security-auditing
date:          2/14/2017 1:35:30 pm
event id:      4624
task category: logon
level:         information
keywords:      audit success
user:          n/a
computer:      mpxxx.xxx.xxx.net
description:
account logged on.

subject:
security id:  system
account name:  mpxxx$
account domain: kiv
logon id:  0x3e7

logon information:
logon type:  7
restricted admin mode: -
virtual account: no
elevated token: no

impersonation level: impersonation

new logon:
security id:  universe\mpxxx
account name:  mpxxx
account domain: universe
logon id:  0x3d8cf3
linked logon id: 0x3d5986
network account name: -
network account domain: -
logon guid:  {00000000-0000-0000-0000-000000000000}

process information:
process id:  0x2cc
process name:  c:\windows\system32\lsass.exe

network information:
workstation name: mpxxx
source network address: -
source port:  -

detailed authentication information:
logon process: negotiat
authentication package: negotiate
transited services: -
package name (ntlm only): -
key length:  0

the difference in "elevated token: , logon guid:" portion of output 

dear ms guru please give me ideas why duplication happens. important because planning send events third party security system , duplication makes lot of unnecessary noise

thank you.  

question outside scope of site (for consumers) , sure best answer should asked either on technet (for pro's) or msdn (for developers)

technet
https://social.technet.microsoft.com/forums/en-us/home

msdn

https://social.msdn.microsoft.com/forums/en-us/home

if give link new thread can point resources


Windows / Windows 10 / Security & privacy / PC



-

Comments

Post a Comment

Popular posts from this blog

Windows 10 - Microsoft Community

did upgrade win 7 win 10 when kept getting messages telling me needed update before stop supporting win 7, , far must dislike win10.  i've had lot of problems, main being lot of times when turn on laptop, blank screen.  the laptop on , running, there light coming screen can't past screen.  at 1 point, closed screen go sleep, open screen , fine.  that doesn't work either - laptop won't go sleep.  i've tried going safe mode, messing different settings nothing has worked.  i install updates windows recommends - i'm @ loss , frustrated.  anyone have ideas on how fix blank screen logons?  is video driver issue??  i appreciate before frustrated , throw laptop out window.  :)  thanks in advance. answers post should include minimum information. 1.  device type. ie pc, laptop, tablet, surface. 2.  os type, home, pro, executive, etc 3.  current build....
Read more

Mouse Without Borders (#mousewithoutborders, - Microsoft Community

Image
mouse w/o borders makes captain of computer fleet allowing control 4 computers single mouse , keyboard. means mouse w/o borders can drag , drop or copy , paste text, screen capture , file across computers. mouse without borders available microsoft download with millions of downloads seen on google , twitter , seattle times , cnet , technet , channel 9 , techcrunch , engadget , pcmag , youtube would want have incredible mouse can seamlessly move 1 machine another? want risk of kvm , more productive working multiple machines? if new idea of using single set of mouse , keyboard work multiple machines or if having more or less troubles while using other software/hardware kvm wanted give mouse without borders a try. first impression of new user “it incredible! impossible!” mouse without borders runs on versions of windows (xp/2k3/vista/2k8/win7/win8/win10/2016, x86 or amd64) setup https://www.cne...
Read more

WTouch_Message_Window app running in the background is preventing - Microsoft Community

everytime restart or turn off computer message appears in front of me, since happened wacom tablet's been acting out , cant find driver it...idk if keep affecting performance, need closing off... since it's running in background i didnt know app there or anything, , started 2 months ago...just tampered tablet , need work done urgent... d:  thanks  ***post moved moderator appropriate forum category.*** everytime restart or turn off computer message appears in front of me, since happened wacom tablet's been acting out , cant find driver it...idk if keep affecting performance, need closing off... since it's running in background i didnt know app there or anything, , started 2 months ago...just tampered tablet , need work done urgent... d:  thanks  hi michelle, to better assist issue, have tried uninstalling driver of wacom tablet computer? to eliminate software caus...
Read more