Windows Server Security Event 4648

Windows Server Security Event 4648:

A logon was attempted using explicit credentials.

Security ID: %1
Account Name: %2
Account Domain: %3
Logon ID: %4
Logon GUID: %5

Account Whose Credentials Were Used:
Account Name: %6
Account Domain: %7
Logon GUID: %8

Target Server:
Target Server Name: %9
Additional Information: %10

Process Information:
Process ID: %11
Process Name: %12

Network Information:
Network Address: %13
Port: %14

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Leave a Reply

Your email address will not be published. Required fields are marked *