Re: Security warning...

From: Paul (paul.peters@nospam.com)
Date: 05/08/02


From: "Paul" <paul.peters@nospam.com>
Date: Wed, 8 May 2002 14:34:04 -0500


Try this http://www.eventid.net/display.asp?eventid=529&source

www.eventid.net is a great site for this stuff.

"syn" <syn@eskimo.com> wrote in message news:#kUR5I97BHA.2488@tkmsftngp04...
> Greetings,
>
> For the last month or so, I have been receiving Failure notices in my
> security log on one machine in a peer-to-peer Windows 2000 network. The
> details change (ie; workgroup, user name, etc), but I get at least 5 to 10
> of these per day. Any ideas on where to look for worms or whatever else
may
> be causing this?
>
> --------------- snip --------------------
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 4/29/2002
> Time: 3:42:25 PM
> User: NT AUTHORITY\SYSTEM
> Computer: PARASITE-1
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: HALL
> Domain: OEMWORKGROUP
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: \\OLD COMPUTER
>
>



Relevant Pages

  • Re: 30k plus Event 537s a Day
    ... Recieved this failure previously. ... Its down to the system time being out of ... >> Event Type: Failure Audit ... >> Logon Failure: ...
    (microsoft.public.windows.server.sbs)
  • ASP not working
    ... I host a site that runs classic ASP, but the site refuses ... to run and when I check the security log it some up with ... Category: Account Logon and Logon/Logoff ... Logon Failure: ...
    (microsoft.public.inetserver.iis.security)
  • Re: Is it really true that NTFS is secure?
    ... > and failure auditing starting with "Audit Account Management," and also try ... > The account Group got put back in the Administrator group again. ... > The logon to account: ...
    (microsoft.public.security)
  • Event ID: 529 from who?
    ... Event Type: Failure Audit ... Logon Failure: ... Caller User Name: - ...
    (microsoft.public.exchange.admin)
  • Re: Is it really true that NTFS is secure?
    ... and failure auditing starting with "Audit Account Management," and also try ... The account Group got put back in the Administrator group again. ... The logon to account: Administrator ...
    (microsoft.public.security)