Event ID - 552

Event Id552
SourceSecurity
DescriptionLogon attempt using explicit credentials:

Logged on user:
      User Name: <User Name>
      Domain: <Domain>
      Logon ID:<Logon ID>
      Logon GUID: <Logon GUID>
      User whose credentials were used:
      Target User Name:<Target User Name>
      Target Domain: <Target Domain>
      Target Logon GUID: <Target Logon GUID>
      Target Server Name: <Target Server Name>
      Target Server Info: <Target Server Info>
      Caller Process ID: <Caller Process ID>
      Source Network Address: <Source Network Address>
      Source Port: <Source Port>     

Event InformationAccording to Microsoft :
Cause :
A user who is logged on tried to create another logon session with a different user's credentials. Typically, this occurs when the user runs the RUNAS command and specifies a different set of credentials.
1)The Logged on user fields specify the user's original credentials.
2)The Target User fields specify the credentials that the user supplied for the new logon session.
3)The Caller Process ID field specifies the process that made the logon request with the new credentials.
4)The Source Network Address and Source Port fields specify the source IP address and source port number for the remote computer that sent the logon request, if applicable.
Resolution :
No user action is required.

---------------------------------------------------------------------------------------------------------

Cause :
The outbound network request was initiated with non-default credentials. Normally, outbound network connections use the credentials of the logged-on user, or of the service or machine account. However, in certain cases, such as when using the RUNAS command with the /NETONLY option, explicit credentials can be specified. This message is displayed for informational purposes only.

Resolution :
No user action is required.
Reference LinksEvent ID 552 from Source Security

Alternate Event ID in Vista and Windows Server 2008 is 4648.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh