curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

microblog: 12 Jan 2025

This commit is contained in:
Ming Di Leom 2025-01-12 06:24:54 +00:00
parent 683c959f28
commit e978acfb59
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/_posts/2025-01-12.md Normal file
View File

@ -0,0 +1,6 @@
---
title: Event 5136 does not record logon time
date: 2025-01-12
---
Every successful logon is recorded in [Event 4624](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624) but does [not necessarily](https://learn.microsoft.com/en-us/archive/technet-wiki/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate) update the [`lastLogonTimestamp`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-lastlogontimestamp) attribute (nor its human-friendly version `LastLogonDate`). Even when it gets updated (after [`ms-DS-Logon-Time-Sync-Interval`](https://techcommunity.microsoft.com/blog/askds/8220the-lastlogontimestamp-attribute8221-8211-8220what-it-was-designed-for-and-h/396204) minus a random percentage of 5 has passed), [Event 5136](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5136) (a directory service object was modified) will not capture it.