Can anyone point be at a reference point for types of authentication events that wouldn't update lastlogontimestamp? After reading what seems to be the defacto Blog article on lastlogontimestamp, I conclude thatlast logon is the process of interactively providing username and password - http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx?wa=wsignin1.0
So what activities might not update lastlogon timestamp? For example would all of the following?
Secondary authentication (runas?)
Scheduled task running under a user context?
etc.
Paul