Re: weird security logs

From: NeoSadist (neos@dist)
Date: 10/31/02


From: "NeoSadist" <neos@dist>
Date: Wed, 30 Oct 2002 19:20:21 -0700


"Eric Fitzgerald [MS]" <ericf@online.microsoft.com> wrote in message
news:3dc07d97$1@news.microsoft.com...
> Usually this is the browser service. If you want to experiment, turn off
> the browser service on all your machines (just stop it, don't disable, no
> reboot required, and restart it when you're done testing).
>
> You can make sure that anonymous is not getting any unnecessary privileges
> by setting RestrictAnonymous to 1.
>
> Eric
>
> "NeoSadist" <neos@dist> wrote in message
> news:us0cvrrpqpjc44@corp.supernews.com...
> > I'm getting a lot of authentication logs in the security logs on an
> > ANONYMOUS user logging into my computers on win2k peer to peer workgroup
> > connected to a linksys router. They're success logs, with a type 3
login.
> > Does anyone know where I can learn how to decipher the event logs? I
> don't
> > know what the event ID's mean either.
> >
> >
>
>

It's on restrictanonymous = 2 (no access without explicit permissions) and
my security log logs when both login types have either success or failure.
I remove the everyone group from "Access this computer from the network".
So then I guess it's services and browser stuff. I guess it's cause I have
my local security policy \ local policies \ audit policy settings to success
and failure on both account logon events and logon events. I'll try
disabling the audit success on both and audit just fail. Thanks for helping
me to figure it out!



Relevant Pages

  • Re: weird security logs
    ... >>> I'm getting a lot of authentication logs in the security logs on an ... > my security log logs when both login types have either success or failure. ... > and failure on both account logon events and logon events. ... > disabling the audit success on both and audit just fail. ...
    (microsoft.public.win2000.security)
  • Re: Auditing Workstation logons from DC
    ... logs you are at risk of reliability loss by local admin flushing of logs. ... >>> well as interactive directly into the Domain Controller itself. ... >>> Settings for Audit account logon to Success and Audit logon events to ... I have Domain Controller Settings to audit account logon to ...
    (microsoft.public.security)
  • Re: Connection Failure -- 360 and Media Center
    ... network device Provider ... Windows security auditing, cryptographic operation, success. ... I'm getting these logs by creating a custom view of events logged in ...
    (microsoft.public.windows.mediacenter)
  • Re: MS Vulnerability? I was hacked!
    ... The DNS server encountered an invalid domain name offset ... can I pull logs of what they did? ... >So that leads me to belive its something in IIS. ... >>gave up after having no success. ...
    (microsoft.public.inetserver.iis.security)
  • Re: MS Vulnerability? I was hacked!
    ... I was the lat person to access my logs before ... My mail server is clean... ... So that leads me to belive its something in IIS. ... >gave up after having no success. ...
    (microsoft.public.inetserver.iis.security)