-
1
- #1
Hi all,
if I run the Sysinternals logonsessions tool on my local machine, I get the a list with following logons:
[0] Logon session 00000000:000003e7:
User name: SONNET\SONNET-JARMO$
Logon type: (none)
Session: 0
[1] Logon session 00000000:0000cda4:
User name:
Logon type: (none)
Session: 0
[2] Logon session 00000000:000003e4:
User name: NT AUTHORITY\NETWORK SERVICE
Logon type: Service
Session: 0
[3] Logon session 00000000:000003e5:
User name: NT AUTHORITY\LOCAL SERVICE
Logon type: Service
Session: 0
[4] Logon session 00000000:00012002:
User name: SONNET\jjoensuu
Logon type: CachedInteractive
Session: 0
[5] Logon session 00000000:0001ab2c:
User name: NT AUTHORITY\ANONYMOUS LOGON
Logon type: Network
Session: 0
Any pointers to information on how to understand the output would be appreciated.
In lieu of that, a couple of questions about the output:
1. I am assuming that the "NETWORK SERVICE" and "LOCAL SERVICE" are used by services on my computer (correct me if I'm wrong). Is "ANONYMOUS LOGON" used by services on e.g. a network printer that may need to communicate with my computer?
2. If logon #4 ("SONNET\jjoensuu") is my cached logon on the laptop when the "SONNET" domain is not available, then what is logon #0 ("SONNET\SONNET-JARMO$")?
3. What could be the cause of a logon with empty user name (logon #1)
cheers,
if I run the Sysinternals logonsessions tool on my local machine, I get the a list with following logons:
[0] Logon session 00000000:000003e7:
User name: SONNET\SONNET-JARMO$
Logon type: (none)
Session: 0
[1] Logon session 00000000:0000cda4:
User name:
Logon type: (none)
Session: 0
[2] Logon session 00000000:000003e4:
User name: NT AUTHORITY\NETWORK SERVICE
Logon type: Service
Session: 0
[3] Logon session 00000000:000003e5:
User name: NT AUTHORITY\LOCAL SERVICE
Logon type: Service
Session: 0
[4] Logon session 00000000:00012002:
User name: SONNET\jjoensuu
Logon type: CachedInteractive
Session: 0
[5] Logon session 00000000:0001ab2c:
User name: NT AUTHORITY\ANONYMOUS LOGON
Logon type: Network
Session: 0
Any pointers to information on how to understand the output would be appreciated.
In lieu of that, a couple of questions about the output:
1. I am assuming that the "NETWORK SERVICE" and "LOCAL SERVICE" are used by services on my computer (correct me if I'm wrong). Is "ANONYMOUS LOGON" used by services on e.g. a network printer that may need to communicate with my computer?
2. If logon #4 ("SONNET\jjoensuu") is my cached logon on the laptop when the "SONNET" domain is not available, then what is logon #0 ("SONNET\SONNET-JARMO$")?
3. What could be the cause of a logon with empty user name (logon #1)
cheers,