Event Id | 551 |
Source | Security |
Description | User initiated logoff: User Name: <User Name> Domain: <Domain> Logon ID: <Logon ID> |
Event Information | According to Microsoft: Cause: As , the user's primary access token, which contains the user's security information and allows access to objects, is erased from memory. After this token is erased, the user cannot access resources such as files or registry keys. When the logoff process is completed, a Security 538 message appears. If a Security 538 message does not appear shortly after the Security 551 message, a program or service might not be managing its access tokens correctly. Although the user cannot access objects, the program or service might have cached an access token and therefore retained the ability to access objects. Resolution: * If this message is followed by a Security 538 message, no user action is required. * If not, verify that all services and programs are updated and identify which of them might be causing this failure. Related Events: Event ID: 538, Event Source: Security |
Reference Links | The User Logoff Event ID 538 Is Not Logged to the Security Event Log When You Shut Down Your Computer and Then Restart It |
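
The check described under Event Information (a 551 that is not followed shortly by a 538) can be automated by pairing the two events on Logon ID. The following is an added example, not code from Microsoft or from this page; the record layout, the function names and the 60-second window are assumptions, since the page only says "shortly".

```python
from datetime import datetime, timedelta

# Assumption: the page only says "shortly"; 60 seconds is an illustrative window.
WINDOW = timedelta(seconds=60)

# Constructed sample records (timestamp, event ID, user, Logon ID); not real log data.
SAMPLE_EVENTS = [
    ("2004-03-01 09:00:05", 551, "alice", "0x3E4A1"),
    ("2004-03-01 09:00:07", 538, "alice", "0x3E4A1"),  # logoff completed
    ("2004-03-01 09:15:00", 551, "bob", "0x4F210"),    # no 538 at all
    ("2004-03-01 09:30:00", 551, "carol", "0x51C33"),
    ("2004-03-01 09:40:00", 538, "carol", "0x51C33"),  # 538 arrives too late
    ("2004-03-01 09:45:00", 538, "dave", "0x52000"),   # 538 without a 551: ignored
]

def parse(events):
    """Turn raw tuples into time-sorted dicts so out-of-order input is handled."""
    rows = [{"time": datetime.strptime(t, "%Y-%m-%d %H:%M:%S"),
             "id": eid, "user": user, "logon_id": lid.lower()}
            for t, eid, user, lid in events]
    return sorted(rows, key=lambda r: r["time"])

def unmatched_logoffs(events, window=WINDOW):
    """Return 551 events with no 538 for the same Logon ID within `window`."""
    rows = parse(events)
    findings = []
    for row in rows:
        if row["id"] != 551:
            continue
        deadline = row["time"] + window
        completed = any(
            later["id"] == 538
            and later["logon_id"] == row["logon_id"]
            and row["time"] <= later["time"] <= deadline
            for later in rows
        )
        if not completed:
            findings.append((row["user"], row["logon_id"], row["time"]))
    return findings

if __name__ == "__main__":
    for user, logon_id, when in unmatched_logoffs(SAMPLE_EVENTS):
        print(f"{when} 551 for {user} (Logon ID {logon_id}): no 538 within {WINDOW}")
```

Each finding identifies a session whose logoff did not complete in the window, which is the starting point for the page's resolution step of identifying which program or service is still holding the token.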