| Event Id | 680 |
| Source | Security |
| Description | "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: %user name% Source Workstation: %computer name% Error Code: 0x0" |
| Event Information | According to Microsoft: Cause 1: A program or service attempted to start with the logon credentials specified in the message, which do not match the credentials of the current user. This message is logged for informational purposes only. Resolution: No user action is required. CAUSE 2: Windows XP attempts a limited logon for each account that is displayed on the Welcome screen to determine whether to prompt the user for a password. An attempted logon is logged for each account displayed. Resolution: To prevent these events from being logged, disable the Welcome screen and use the classic logon screen or turn off auditing of logon events. To turn off auditing in the Microsoft Management Console (MMC) snap-in for Group Policy: 1. Click Start, click Run, type gpedit.msc, and then click OK. 2. In the left pane, expand the following items: • Local Computer Policy • Computer Configuration • Windows Settings • Security Settings • Local Policy 3. Click Audit Policy. 4. Double-click Audit Logon Events. 5. Click to clear the Success and Failure check boxes. 6. Click OK. 7. Close the Group Policy window. CAUSE 3: When a user logs off, Windows XP re-reads the user record for updated information to optimize the next logon process. However, Windows ignores the fact that the user is from the local SAM database and instead tries to contact the domain (if the computer is a member of a domain). RESOLUTION: To resolve this problem, obtain the latest service pack for Microsoft Windows XP. |
| Reference Links | Failure Events Are Logged When the Welcome Screen Is Enabled How To Use the Fast User Switching Feature in Windows XP Windows 2000 Security Event Descriptions List of fixes included in Windows XP Service Pack 2 Windows Operating System (Security) Security Event Descriptions Audit Account Logon Events |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.