Re: Should I Be Concerned?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sun, 19 Oct 2008 10:18:25 -0400

---

James Yeomans BSc, MCSE <JamesYeomansBScMCSE@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Hi there, the administrator account is not subject to the account
lockout policy and will never be locked out. It could potentially
lock you out of the whole network with no way of getting back in!!!
This is why microsoft reccomend renaming the administrator account so
that a hacker does not need to just guess a password but aos a
username as well.
James.

True, re lockout...but Microsoft doesn't recommend renaming the account,
AFAIK. Anyway, any cracker worth his / her salt won't be looking for the
name, but the well-known SID. Just give Administrator a very good long
complex passphrase.

This was in the server report. I thought by default, login failure
would lock you out temporarily if you failed 4 attempts in a row.
Could this be a client machine or another server improperly
configured?





Critical Errors in Security Log



Source
Event ID
Last Occurrence
Total Occurrences

Security
529
10/17/2008 12:35 AM
109,190 *

Logon Failure:


Reason:
Unknown user name or bad password


User Name:
Administrator


Domain:
EXAMPLE.COM


Logon Type:
4


Logon Process:
Advapi


Authentication Package:
Negotiate


Workstation Name:
GEN1


Caller User Name:
GEN1$


Caller Domain:
EXAMPLE.COM


Caller Logon ID:
(0x0,0x3E7)


Caller Process ID:
1056


Transited Services:
-


Source Network Address:
-


Source Port:
-

.

---

• References:
  • Should I Be Concerned?
    • From: Clever Left
  • RE: Should I Be Concerned?
    • From: James Yeomans BSc, MCSE

• Prev by Date: Re: SBS 2003 + Exchange setup checklist
• Next by Date: Re: SBS 2003 + Exchange setup checklist
• Previous by thread: Re: Should I Be Concerned?
• Next by thread: Re: Vista Outlook to SBS2003 exchange server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Event ID 529 ... First is a hardware firewall that sits on the perimeter of your network and requires that your users give user names and passwords, different from those for the network. ... Sometimes the Logon Type is different, also the User Name can be ... Computer: <SERVER NAME> ... Caller User Name: $ ... (microsoft.public.windows.server.sbs) Re: Want XP Pro file shares accessible on net when computer locked ... to lock out network access as well as local. ... machine corresponding to the various network client PC's. ... gaining access to the XP Pro server via the guest account and authenticating ... >>accounts over the net? ... (microsoft.public.windowsxp.network_web) Re: Large file copy locks up SBS 2003 ... While reviewing the System event logs (again after the second lock up), ... The article recommends applying SBS ... When you copy the files to a network shared place, ... > Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Buggy IPI and MTRR code on low memory ... We could have a separate lock for each destination ... Then the caller could release the lock. ... because it a) makes the caller hang around until the consumer has ... executed and it b) requires that callers still have local interrupts ... (Linux-Kernel) Re: Security Event 529...please help.... ... Is you laptop name SBS1? ... This can happen if you have a presistent network connenction or a service ... Logon Failure: ... Caller User Name: - ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2008-10