Security Basics mailing list archives
RE: TR : event viewer log How to get more information
From: "Maksoudian, Gary" <gary.maksoudian () thermo com>
Date: Mon, 7 Apr 2003 11:12:12 -0400
Can't you just disable this ffournXXX account, or change the password? Gary Maksoudian Thermo Electron Corporation 905.332.2000 ext. 238 -----Original Message----- From: "Héroux, Christian" [mailto:Christian.Heroux () etsmtl ca] Sent: April 4, 2003 12:15 PM To: security-basics () securityfocus com Subject: TR : event viewer log How to get more information Hello all ! I hope you can help me ! There are many event log like these one on a user workstation windows XP. Someone logged into his station? Right? How can I get more info to troubleshoot? Nobody is allowed in this user station. We don`t have much info to find out what wrong. Is it a process, which PC...Do you have any tool that could log more detail. Christian H. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2003-04-02 Time: 10:19:02 User: XXX\ffournXXX Computer: BISMARCK Description: Successful Network Logon: User Name: ffournXXX Domain: XXX Logon ID: (0x0,0x1BA8FD3) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GPA_024824 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2003-04-03 Time: 09:40:15 User: XXX\rmaraXXXX Computer: BISMARCK Description: Successful Network Logon: User Name: rmaranXXX Domain: XXX Logon ID: (0x0,0x586DD0) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GPA_026195 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 2003-04-04 Time: 02:33:06 User: NT AUTHORITY\SYSTEM Computer: BISMARCK Description: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: PERF-1 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NWV1_0 Workstation Name: PERF-1 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics <b> ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- </b>
Current thread:
- TR : event viewer log How to get more information Héroux, Christian (Apr 07)
- RE: TR : event viewer log How to get more information John Warnas/HintTech B.V. (Apr 08)
- <Possible follow-ups>
- RE: TR : event viewer log How to get more information Maksoudian, Gary (Apr 07)
- RE: TR : event viewer log How to get more information Robinson, Sonja (Apr 07)
- RE: TR : event viewer log How to get more information Trevor Cushen (Apr 07)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- RE: TR : event viewer log How to get more information DS (Apr 10)
- RE: TR : event viewer log How to get more information Rick Darsey (Apr 10)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- Re: TR : event viewer log How to get more information H Carvey (Apr 07)