Re: Weired Kerbeos stuff in security event logs of Windows Server 2003 DC.
- From: "Paul Bergson" <pbergson@xxxxxxxxxx>
- Date: Mon, 12 Dec 2005 07:03:38 -0600
Look at the two links below
Describes the events for logon and logoff (Towards the bottom)
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
Event issues and solutions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Spin" <Spin@xxxxxxxx> wrote in message
news:4046h8F16ng8tU1@xxxxxxxxxxxxxxxxx
> Thanks for your reply.
>
> --
> Spin
>
> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
> news:O%23ow2Ns$FHA.1124@xxxxxxxxxxxxxxxxxxxxxxx
>> IIRC, it's telling you that it's allowed the logon (event id 576) and
>> allowed those privileges.
>> The next one (event id 540) reports a successful logon using the
>> authentication type 3 (kerberos).
>> Each of the privileges assigned are something you'll have to look up to
>> see what that right confers. Likely, you're looking at a process that has
>> as many rights as possible on that machine (running under the system sec
>> context).
>
>
.
- References:
- Prev by Date: Re: retired invocations?
- Next by Date: Re: ADC trying to replicate Deleted Items
- Previous by thread: Re: Weired Kerbeos stuff in security event logs of Windows Server 2003 DC.
- Next by thread: [PROBLEM] Very Slow Shutdown
- Index(es):
Relevant Pages
|
