Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 23/02/2008 Time: 09:59:49 User: COMPUTERNAME\username Computer: COMPUTERNAME Description: Successful Network Logon: User Name: username Domain: COMPUTERNAME Logon ID: (0x0,0x15D01F) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: COMPUTERNAME Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.246 Source Port: 1065 -------------------------------------------------------------- Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 534 Date: 23/02/2008 Time: 10:26:47 User: NT AUTHORITY\SYSTEM Computer: COMPUTERNAME Description: Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: username Domain: COMPUTERNAME Logon Type: 4 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: COMPUTERNAME Caller User Name: NETWORK SERVICE Caller Domain: NT AUTHORITY Caller Logon ID: (0x0,0x3E4) Caller Process ID: 2420 Transited Services: - Source Network Address: - Source Port: -For comparison here's a Success audit when logging in using the site name from another machine:
Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 23/02/2008 Time: 10:26:46 User: COMPUTERNAME\username Computer: COMPUTERNAME Description: Successful Network Logon: User Name: username Domain: COMPUTERNAME Logon ID: (0x0,0x2388D9) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: DELL9400 Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.126 Source Port: 1596Note that this isn't really an issue for me but I would like to understand the reason for the different behaviours.