The admin-user account (Subject) tried to log on as paulb interactively (logon type 2), which failed because the password is incorrect (0xC000006d / 0xC000006A).
In a Windows 4625 event (failed logon) such as the one below, who actually typed the incorrect credentials?
a) Was it the user on the computer logged in as paulb mistyping the credentials of admin-user?
Or b) is it the user logged in as admin-user mistyping the credentials of paulb?
WinEvtLog: Security: AUDIT_FAILURE(4625):
Microsoft-Windows-Security-Auditing: (no user): no domain:
M-P-BO-SOA1: An account failed to log on.
Subject:
Security ID: S-1-4-11-123456789-123456789-123456789-1234
Account Name: admin-user
Account Domain: WINSERVER01
Logon ID: 0x6772f
Logon Type: 2
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: paulb
Account Domain:
Failure Information:
Failure Reason: %%2313
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0xfb8
Caller Process Name: C:\Windows\System32\dllhost.exe
Network Information:
Workstation Name: WINSERVER01
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
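
An added example, not part of the original question or answer: a small Python parser that keeps the Subject block apart from the "Account For Which Logon Failed" block of a 4625 message and decodes the logon type and NTSTATUS codes. The sample text is constructed from the event quoted above; the function names and lookup tables are assumptions of this example.

```python
# Constructed sample: fields copied from the 4625 event quoted above, one per line.
SAMPLE_EVENT = r"""
Subject:
Account Name: admin-user
Logon Type: 2
Account For Which Logon Failed:
Account Name: paulb
Account Domain:
Failure Information:
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process Name: C:\Windows\System32\dllhost.exe
"""

SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 10: "RemoteInteractive", 11: "CachedInteractive"}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006A: "STATUS_WRONG_PASSWORD",
            0xC0000064: "STATUS_NO_SUCH_USER"}

def parse_4625(text):
    """Group 'Key: value' lines under the section header that precedes them."""
    event, current = {"Event": {}}, "Event"
    for line in text.splitlines():
        # Split on the first colon only, so values such as C:\... stay intact.
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        if key in SECTIONS and not value.strip():
            current = key                  # known header; an empty field is not one
            event[current] = {}
        elif key == "Logon Type":          # top-level field, printed after Subject
            event["Event"][key] = value.strip()
        else:
            event[current][key] = value.strip()
    return event

def who_did_what(text):
    """Name the account that made the request and the account it failed for."""
    ev = parse_4625(text)
    failure = ev["Failure Information"]
    code = lambda s: NTSTATUS.get(int(s, 16), s)
    return {"requested_by": ev["Subject"]["Account Name"],
            "failed_account": ev["Account For Which Logon Failed"]["Account Name"],
            "logon_type": LOGON_TYPES.get(int(ev["Event"]["Logon Type"]), "Other"),
            "status": code(failure["Status"]),
            "sub_status": code(failure["Sub Status"]),
            "caller": ev["Process Information"].get("Caller Process Name", "-")}
```

Calling `who_did_what(SAMPLE_EVENT)` returns `admin-user` as the requesting account and `paulb` as the account whose logon failed, which matches reading b) in the question.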