Announcement

Collapse
No announcement yet.

Find out a machine name from Logon ID

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Find out a machine name from Logon ID

    Hi,
    Every time an entry is made int o the security event log, a "Logon ID" is written into the entry. This entry is unique to a user session from a particular computer (PC or server).

    What I have in my event log is certain operations carried out by a generic account. I want to track it down to the PC from which a person would have logged on with this generic account. As this is a generic account, the only possibility of pinning this down is through the logon ID.

    I know that when this account would have logged on there would be an event which would have this logon id and the PC name and that I should look out for this event.

    Unfortunately the event logs are over-written and we cannot retrieve the same.

    I'm looking for a way to translate this logon ID into a PC name. I have the following example from my event log.

    Client Logon ID: (0x0,0x29C1EA44)

    Is there a tool to change the hex value to a PC name (if at all the hex value contains the PC name).

    Thanks in advance.

    murtaza

  • #2
    hi

    hi...

    the hex itself doesn't contain the Computer name allthough it does comply it into an algorithm. what the algorithm is... only a microsoft programmer can answer that question...
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert
    MCSA, MCSE, MCT

    Comment

    Working...
    X