Netherlands: Software

Introductie Windows Server 2016

Issue link: http://hub-nl.insight.com/i/692748

Chapter 5 | Security

ElevatedToken
String: yes or no
If the account that signed in to the PC is an administrative sign-in, this field will be yes; otherwise, the field is no. Additionally, if this is part of a split token, the linked login ID (LSAP_LOGON_SESSION) will also be shown.

TargetOutboundUserName and TargetOutboundUserDomain
String
The user name and domain of the identity that was created by the LogonUser method for outbound traffic.

VirtualAccount
String: yes or no
If the account that signed in to the PC is a virtual account, this field will be yes; otherwise, the field is no.

GroupMembership
String
A list of all of the groups in the user's token.

RestrictedAdminMode
String: yes or no
If the user signs in to the PC in restricted admin mode with Remote Desktop, this field will be yes.

New fields in the process creation event

The sign-in event ID 4688 has been updated to include more verbose information to make it easier to analyze. The following fields have been added to event 4688:

TargetUserSid
String
The SID of the target principal.

TargetUserName
String
The account name of the target user.

TargetDomainName
String
The domain of the target user.

TargetLogonId
String
The logon ID of the target user.

ParentProcessName
String
The name of the creator process.

ParentProcessId
String
A pointer to the actual parent process if it's different from the creator process.

Security Account Manager (SAM) events

New SAM events were added to cover SAM APIs that perform read/query operations. In previous versions of Windows, only write operations were audited. The new events are event ID 4798 and event ID 4799. The following APIs are now audited:

SamrEnumerateGroupsInDomain
SamrEnumerateUsersInDomain
SamrEnumerateAliasesInDomain
SamrGetAliasMembership
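An added example, not part of the original text: Python that parses event 4688 XML, exposes the fields listed under "New fields in the process creation event" (None when a host did not log them), and uses ParentProcessName in a simple triage rule. The sample events, helper names and watch lists are constructed for illustration; NewProcessName is the existing 4688 field for the created process.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Fields the text lists as added to event 4688.
NEW_FIELDS = ("TargetUserSid", "TargetUserName", "TargetDomainName",
              "TargetLogonId", "ParentProcessName", "ParentProcessId")
# Hypothetical watch lists for illustration; tune to your environment.
DOC_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

def event_xml(fields):
    """Build a constructed 4688 event in the Windows event XML layout."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4688</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

def parse_4688(xml_text):
    """Return the event's Data fields; every new field is a key, None if absent."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        raise ValueError("not a 4688 process creation event")
    found = {d.get("Name"): d.text
             for d in root.iterfind("e:EventData/e:Data", NS)}
    return {**{f: None for f in NEW_FIELDS}, **found}

def triage(xml_text):
    """Classify one event: 'no-parent-info', 'doc-app-spawned-shell' or 'ok'."""
    ev = parse_4688(xml_text)
    if ev["ParentProcessName"] is None:
        return "no-parent-info"  # host did not log the new fields
    parent = ntpath.basename(ev["ParentProcessName"]).lower()
    child = ntpath.basename(ev.get("NewProcessName") or "").lower()
    if parent in DOC_APPS and child in SHELLS:
        return "doc-app-spawned-shell"
    return "ok"

# Constructed sample events (not captured from a real host).
SAMPLES = {
    "new": event_xml({"NewProcessName": r"C:\Windows\System32\cmd.exe",
                      "TargetUserName": "-", "ParentProcessName":
                      r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"}),
    "benign": event_xml({"NewProcessName": r"C:\Windows\System32\notepad.exe",
                         "ParentProcessName": r"C:\Windows\explorer.exe"}),
    "old": event_xml({"NewProcessName": r"C:\Windows\System32\cmd.exe"}),
}
if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, triage(xml_text))
```

Returning "no-parent-info" instead of "ok" keeps events from hosts without the new fields visible as a coverage gap rather than silently passing the rule.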
