Source

Level

Description

Successful Logon:
         User Name: <user name>
         Domain: <domain name>
         Logon ID: <logon identifier>
         Logon Type: <logon type>
         Logon Process: <logon process>
         Authentication Package: <package name>
         Workstation Name: <computer name>

Comments

 

See the link to "Windows 2000 Magazine" for a complete overview on this event. Also, see ME320670.

This event informs you that a logon session was successfully created for the user. See MSW2KDB for information on the details present in the description (logon ID, GUID, etc).

When you turn on the Audit Logon Events feature to track logon and logoff events, you may receive logon event messages (Event 528 Type 2) in the security log. However, you may not receive user logoff event messages (Event 538 Type 2) in the security log. See ME828020 for a hotfix applicable to Microsoft Windows 2000. For additional information, see ME318253 and ME287537.

See "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP" for detailed information about relevant security settings that you can configure on Microsoft Windows Server 2003 and Windows XP SP1.

See ME199472 and ME260835 for more details on this event.

A user or an application successfully logged on to a computer. A corresponding event id 538 will be recorded for the logoff. See the comments for event id 538. See ME274176 for more details.

For a list of logon types see the link to the "Windows Logon Types" article.

Information about the <authentication package> field found in the "Windows Authentication Packages" article.