Security audit question
From: Agustin Chernitsky (agustinchernitskyNOSPAM@hotmail.com)
Date: 12/12/02
- Next message: Tom Kreinbrook: "lost admin password"
- Previous message: Sky Ingram [MS]: "RE: multiple logons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Agustin Chernitsky" <agustinchernitskyNOSPAM@hotmail.com> Date: Thu, 12 Dec 2002 00:25:14 -0300
Hi Guys,
I got this in my security event log:
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/12/2002
Time: 03:34:31 p.m.
User: NT AUTHORITY\SYSTEM
Computer: WWW01
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: DOMAINS\Account\Users\000003E8
New Handle ID: 766304
Operation ID: {0,76016149}
Process ID: 264
Primary User Name: WWW01$
Primary Domain: SOME
Primary Logon ID: (0x0,0x3E7)
Client User Name: WWW01$
Client Domain: SOME
Client Logon ID: (0x0,0x3E7)
Accesses ChangePassword (with knowledge of old password)
Privileges -
I guess someone changed his password, still I don't know who. Is there a way
to know this with this info???
Thanks!!
- Next message: Tom Kreinbrook: "lost admin password"
- Previous message: Sky Ingram [MS]: "RE: multiple logons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
