RE: Security concern - How to read event viewer security line item



Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;122702

This also applies to Windows Server 2003/SBS 2003
--
MCP MCDBA MCAD MCSD MCT MCTS:SQL Server 2005
"Helping people grow and develop their full potential as God has plan for
them"


"S. Ahmed" wrote:

Update: I know something is wrong... There are 207,680 security events of
logon/logoff in 3 days (10/30/2006 to 11/01/2006)

"S. Ahmed" wrote:

Hi.

The following are a few of the thousands of items I see in Event Viewer under
Security. All these users are not in the office right now (it's 9:39 pm right now)
and I am sure they are not trying to connect via RWW. And what about this
"ANONYMOUS LOGON"?

Thanks in advance
PS: How do you check if someone not authorized is trying to get in?
===============

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 11/1/2006
Time: 9:33:30 PM
User: EXPRESSMORTGAGE\SCarter
Computer: EMSSERVER
Description:
User Logoff:
User Name: SCarter
Domain: EXPRESSMORTGAGE
Logon ID: (0x0,0x1519E476)
Logon Type: 3


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
============================
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 11/1/2006
Time: 9:26:37 PM
User: EXPRESSMORTGAGE\FrontDesk$
Computer: EMSSERVER
Description:
Successful Network Logon:
User Name: FrontDesk$
Domain: EXPRESSMORTGAGE
Logon ID: (0x0,0x1517C4AB)
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {8c473f76-6c21-2392-085e-a52a353e9957}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.16.12
Source Port: 0


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
=============================
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 11/1/2006
Time: 9:09:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: EMSSERVER
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x151113DC)
Logon Type: 3


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
==========================
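
An added example, not part of the original thread: with 207,680 events in three days, a tally is more practical than reading entries one by one. This Python code parses the text layout quoted above, counts events per Event ID and account kind (names ending in `$` are computer accounts), and lists Failure Audit records by user name and source address. The sample records, including the 529 failure entry, the `EXAMPLE` domain and the 192.0.2.x addresses, are constructed.

```python
import re
from collections import Counter
# Constructed sample in the Event Viewer text layout quoted in the thread.
SAMPLE = """\
Event Type: Success Audit
Event ID: 540
User: EXAMPLE\\WKSTN01$
=============
Event Type: Success Audit
Event ID: 538
User: NT AUTHORITY\\ANONYMOUS LOGON
=============
Event Type: Failure Audit
Event ID: 529
User: NT AUTHORITY\\SYSTEM
User Name: jdoe
Source Network Address: 192.0.2.77
"""

def parse_records(text):
    """Split a dump on its ==== rules and read each 'Key: Value' line."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip():
                fields.setdefault(key.strip(), value.strip())
        if "Event ID" in fields:
            records.append(fields)
    return records

def account_name(rec):
    # Prefer the description's User Name; fall back to the User header.
    return rec.get("User Name") or rec.get("User", "").split("\\")[-1]

def account_kind(rec):
    name = account_name(rec)
    if name.upper() == "ANONYMOUS LOGON":
        return "anonymous"          # null session, no credentials presented
    return "machine" if name.endswith("$") else "user"

def summarize(text):
    """Count events per (ID, account kind) and failures per (name, source)."""
    by_kind, failures = Counter(), Counter()
    for rec in parse_records(text):
        by_kind[(rec["Event ID"], account_kind(rec))] += 1
        if rec.get("Event Type") == "Failure Audit":
            failures[(account_name(rec), rec.get("Source Network Address", "-"))] += 1
    return by_kind, failures
```

Calling `summarize()` on text copied out of Event Viewer returns two counters: a large machine or anonymous share of 538/540 entries is routine network traffic, while repeated entries in the failures counter from one source address are the ones to look at first.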

