EVENTID 4648. Mismatch ,Subject (Standard User), CredentialsUsed (Admin), Target(Localhost)
Server Fault Asked by Akhil Abraham on December 27, 2021
In the Event ID 4648, The subject’s Account Name is the "Standard user". But under the credentials used section, the account name is of the "Administrator" and the Target Server is "LocalHost"and Account Domain is same as well. How is this possible? what is the exact interpretation of this Event?. Can the usage of any application cause this?
One Answer
I have many 4648 events on my main machine, for me this happens every time I am logged-in as a standard user and then run a new process as a different user, usually an administrator.
You can do this with runas.exe or Start-Process -verb runas, or in the GUI content menu Run as a different user or Run as administrator.
It may also happen when a scheduled tasks runs as a specific user, but I haven't checked that.
It may also happen when you connect to a network drive and have to provide different credentials.
Answered by Peter Hahndorf on December 27, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Answers
- Jon Church on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- haakon.io on Why fry rice before boiling?
- Peter Machado on Why fry rice before boiling?
- Joshua Engel on Why fry rice before boiling?
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?