A few weeks ago I implemented a scheduled task that executes every 20 minutes on every workstation and server in the organization. This task runs under the local system account.

Since that date I have had a massive increase in the number of logon events (4624 and 4634) generated by all of my systems. This is a problem for my Splunk licensing.

Other than rewriting the executable this task fires into a full-fledged service, is there any way to change this behavior? I'd think that an executable run on the local box with local permissions wouldn't require authenticating to the domain controller.

1 Answer

It does not appear that there is a ready way to eliminate this logging, so I created a small service around the code for the original executable.

  • Just out of morbid curiosity, what did you have running every 20 minutes on every machine? Commented Jan 27, 2012 at 22:23
  • I needed a better way to address client-side targeting. I have previous questions about it, including serverfault.com/q/347129/90351 Commented Jan 28, 2012 at 0:38
