Thank you a lot for this in-depth video.
Exabeam question: can you track logons and sessions for a smart card user using the certificate's serial or thumbprint? Asking for a friend :D
I have a question: I am the only one at home. I have 2 laptops. I remotely connected to my other laptop (RDP) and locked it, and I kept my terminal window minimized. When I switched back to it, I found it unlocked. What could have caused that?
I was at work and left my computer in sleep mode, locking it. When I came back from work, hours later, I can see multiple 4624 Logon Tasks which I've not performed. Does this mean someone logged into my computer using my password while I was gone?
You'll have to look at the logon type. If it's a 5, then it was started by SCM (services). If they are tagged with a logon type 2, 3, 7, 10 or 11, best to check with your IT support if you weren't the one that logged into your computer.
What about Logon Type 5?
It means that Windows started a service with the user's account credentials. If the service is launched from the LocalService or NetworkService service accounts, this logon type won't be logged.
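The logon-type check described in the replies above, as an added PowerShell example that is not part of the original comments: it reads the LogonType field out of 4624 event XML and flags the types the reply lists (2, 3, 7, 10, 11). The function name `ConvertFrom-LogonEventXml`, the sample event and its values are constructed for illustration.

```powershell
# Standard names for the 4624 LogonType values.
$LogonTypeNames = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}
# Types the reply says to raise with IT support if you did not log on yourself.
$ReviewTypes = 2, 3, 7, 10, 11

# Hypothetical helper: turns one 4624 event (as XML text) into a triage row.
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        $type = [int]$data['LogonType']
        [pscustomobject]@{
            TimeCreated = $evt.System.TimeCreated.GetAttribute('SystemTime')
            User        = $data['TargetUserName']
            LogonType   = $type
            TypeName    = if ($LogonTypeNames.ContainsKey($type)) { $LogonTypeNames[$type] } else { 'Other' }
            SourceIp    = $data['IpAddress']
            Review      = $type -in $ReviewTypes
        }
    }
}

# Constructed sample record (not from a real log), trimmed to the fields used.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-01T12:00:00Z" /></System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-LogonEventXml   # LogonType 10, RemoteInteractive, Review = True

# Live use from an elevated prompt (reading the Security log needs admin rights):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-1) } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogonEventXml | Where-Object Review
```

Rows with `Review = True` are the ones to compare against your own activity; the `SourceIp` column shows where a network or RDP logon came from.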