Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 1202 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 1202
Event Source: SceCli
Event Type: -
Event Description: -
Comment: Error 0x534:  We had the warnings appearing in all domain computers' event logs, but the winlogon.log did not indicate an SID that was a culprit.

However, I discovered in Group Policy a local computer account had been assigned the privilege: 'Logon as a batch job'. The local user account of course did not have a domain SID which is why it wasn't listed in the winlogon.log file.

The entry in Group Policy did not have the DOMAIN\UserName format, just UserName. So, only the computer that had that local account was not producing the 1202 warnings.


In my case, I replaced the local account in the Group Policy with a domain service account and the warnings stopped. Index: 348

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...