Re: Anonymous change of passwords?
From: Benoit HAMET - MVP/MCP W2K (benoit.hamet_at_hametbenoit.fr.st)
Date: 05/21/03
- Next message: Daniel Billingsley: "Re: NO, MICROSOFT DOES NOT SEND OUT SECURITY PATCHES, IT IS A VIRUS!"
- Previous message: Gunnar Carlson: "Anonymous change of passwords?"
- In reply to: Gunnar Carlson: "Anonymous change of passwords?"
- Next in thread: Karl Levinson [x y] mvp: "Re: Anonymous change of passwords?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 May 2003 13:16:06 +0200
Hi
anonymous logon is used to open a session anonymous on your pc (for example
by IIS)
your message means that someone is trying to change this user account
password and he succed - maybe it will indicate that you have a security
breach because most of the time we don't change this account password define
by OS
(sorry for any English mystake)
-- Participez aux "Duo gagnant" : http://register.microsoft.com/regsys/regsys.asp?wizid=6667&lcid=1036 ========================================= Benoit HAMET MVP / MCP Windows 2000 www.hametbenoit.fr.st support.microsoft.com www.mvp.int.ms "Gunnar Carlson" <gunnar.carlson@zipper.se> a écrit dans le message de news: 0dd601c31f89$487ce0b0$a101280a@phx.gbl... > We have an account that is marked with "User cannot > change password". In the security log I found the > following events for that very account: > > > > 2003-05-19 13:36:48 Security Success > Audit Account Management 627 NT > AUTHORITY\ANONYMOUS LOGON DC2003-1 "Change > Password Attempt: > Target Account Name: 86tefirg > Target Domain: SKOLA > Target Account ID: SKOLA\86tefirg > Caller User Name: ANONYMOUS LOGON > Caller Domain: NT AUTHORITY > Caller Logon ID: (0x0,0x972F) > Privileges: - > " > 2003-05-19 13:36:48 Security Success > Audit Account Management 642 NT > AUTHORITY\ANONYMOUS LOGON DC2003-1 "User > Account Changed: > Target Account Name: 86tefirg > Target Domain: SKOLA > Target Account ID: SKOLA\86tefirg > Caller User Name: ANONYMOUS LOGON > Caller Domain: NT AUTHORITY > Caller Logon ID: (0x0,0x972F) > Privileges: - > Changed Attributes: > Sam Account Name: - > Display Name: - > User Principal Name: - > Home Directory: - > Home Drive: - > Script Path: - > Profile Path: - > User Workstations: - > Password Last Set: 5/19/2003 1:36:48 PM > Account Expires: - > Primary Group ID: - > AllowedToDelegateTo: - > Old UAC Value: - > New UAC Value: - > User Account Control: - > User Parameters: - > Sid History: - > Logon Hours: - > > I cannot interpret this in any other way than that the > password has been changed. But how is that possible? And > what does the "ANONYMOUS LOGON" mean? >
- Next message: Daniel Billingsley: "Re: NO, MICROSOFT DOES NOT SEND OUT SECURITY PATCHES, IT IS A VIRUS!"
- Previous message: Gunnar Carlson: "Anonymous change of passwords?"
- In reply to: Gunnar Carlson: "Anonymous change of passwords?"
- Next in thread: Karl Levinson [x y] mvp: "Re: Anonymous change of passwords?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
