RE: Security Audit Issue - Please HELP!
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Thu, 30 Nov 2006 03:19:59 GMT
Hi Jordan,
Thanks for posting here.
From your post, I understand that you receive 540 event in the security logof your SBS server. If I have misunderstood the problem, please don't
hesitate to let me know.
First, I would like to introduce this event to you. Security event log 540
means a user successfully logged on to a network. You will find more detail
from the following page:
Windows Server 2003 Security Events
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/secmod1
28.mspx#EIAA
I wonder if there is any negative impact per this event, if not, I assume
it's just an informational event, you can ignore it.
Generally, it is usual we see lots of this event in the SBS server, since
the clients now and then access the resource on the SBS server and
logon/off.
The quantity of the events will depend on the usage of your SBS server.
So, for this issue, there is no action needed for you and it is safe and
fine.
If you have concerns that you want to secure your SBS network, following
information is for your reference.
Securing Your Windows Small Business Server 2003 Network
http://download.microsoft.com/download/1/f/1/1f15a874-f696-4992-b5ad-b1e7b25
8de1c/SecuringSBSnetwork.doc
SBS document link also for your reference.
Documentation by Alphabetical List for Windows Small Business Server 2003
http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/alpha.msp
x
Hope info above helps.
Thank you and have a nice day.
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Security Audit Issue - Please HELP!
| thread-index: AccT/c3ISETv2Zz9RS+adVCpEjlWZg==
| X-WBNR-Posting-Host: 72.244.84.70
| From: =?Utf-8?B?am9yZGFu?= <jordan@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Security Audit Issue - Please HELP!
| Date: Wed, 29 Nov 2006 13:32:00 -0800
| Lines: 30
| Message-ID: <6EDAC349-DEF0-4611-B299-220A84790546@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:316026
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Event Type: Success Audit
| Event Source: Security
| Event Category: Logon/Logoff
| Event ID: 540
| Date: 11/29/2006
| Time: 3:28:21 PM
| User: NT AUTHORITY\ANONYMOUS LOGON
| Computer: CSMBUSINESS
| Description:
| Successful Network Logon:
| User Name:
| Domain:
| Logon ID: (0x0,0x652834B)
| Logon Type: 3
| Logon Process: NtLmSsp
| Authentication Package: NTLM
| Workstation Name: ECAUDIO
| Logon GUID: -
| Caller User Name: -
| Caller Domain: -
| Caller Logon ID: -
| Caller Process ID: -
| Transited Services: -
| Source Network Address: 63.167.159.122
| Source Port: 0
|
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
|
.
- Follow-Ups:
- RE: Security Audit Issue - Please HELP!
- From: jordan
- RE: Security Audit Issue - Please HELP!
- Prev by Date: Re: SBS 2003 R2 in Australia...
- Next by Date: RE: Companyweb PDF Files
- Previous by thread: RE: Restricting external mail exept for one address.
- Next by thread: RE: Security Audit Issue - Please HELP!
- Index(es):
Relevant Pages
|
Loading
