Re: Failure audit in security log
From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 10/31/02
- Next message: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Previous message: Torgeir Bakken (MVP): "Re: upgrading"
- In reply to: AiKay: "Failure audit in security log"
- Next in thread: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Reply: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com> Date: Thu, 31 Oct 2002 12:13:28 -0800
If the workstation is on the same subnet as you, or if it points to your
WINS environment, then the following command will return the machine's IP
address:
nbtstat -a workstationname
If the machine is not resolvable by WINS or broadcast, then no, you can't
get any more information about it after the fact.
Eric
"AiKay" <iwazeer2@hotmail.com> wrote in message
news:#F#gxFPgCHA.2256@tkmsftngp12...
> I saw some Failure audits in my security log with Event Code Ids 529 and
> 681. The log (in event viewer) only shows a workstation name in the
> Workgroup domain. Is there anyway I can find out more information about
that
> workstation or try to gather more information that will be useful for my
> network security person?
>
> Aikay
>
>
- Next message: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Previous message: Torgeir Bakken (MVP): "Re: upgrading"
- In reply to: AiKay: "Failure audit in security log"
- Next in thread: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Reply: Eric Fitzgerald [MS]: "Re: Failure audit in security log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
