Event ID: 4611A trusted logon process has been registered with the Local Security Authority
A trusted logon process has been registered with the Local Security Authority. This logon process will be trusted to submit logon requests. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Logon Process Name: %5
This event indicates that a logon process has registered with the Local Security Authority (LSA). Also, logon requests will now be accepted from this source.
At the technical level, the event does not come from the registration of a trusted logon process, but from a confirmation that the process is a trusted logon process. If it is a trusted logon process, the event generates.
A logon process is a trusted part of the operating system that handles the overall logon function for different logon methods (network, interactive, etc.).
You typically see these events during operating system startup or user logon and authentication actions.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Security System Extension"
LEFT/RIGHT arrow keys for navigationBack to List