RE: Logon audit



Hi,

The 680 ID is a successful authentication using NTLM.

Here are some useful links:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monito
r/logevnts.mspx
http://www.windowsecurity.com/pages/article_p.asp?id=1363
http://www.ultimatewindowssecurity.com/encyclopedia.html

--Gene

-----Original Message-----
From: nemanja.janic@xxxxxxxxx [mailto:nemanja.janic@xxxxxxxxx]
Sent: Friday, June 09, 2006 3:02 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Logon audit

Hello list,
i need some help with interpreting what i see. I have Logon Failure Audit
turned on on several machines in my system (all Win XP pro), and i keep
getting this:
"
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: <username>
Source Workstation: <stationname>
Error Code: 0xC000006E

Type stated is Failure Audit, Event ID is 680.
"

Username and workstation vary from machine to machine.

Now my question is, what is that Event ID680? I am sure that no users are
trying to logon to mentioned machines, and that there is no shared-folder
accessing going on. I tried to find answers all over the web, but to no
avail as of yet.
Is is a worm/virus of some sort? Or another win intricacy?

--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
-


---------------------------------------------------------------------------
---------------------------------------------------------------------------