Re: $ ACCOUNT
From: Eric Fitzgerald [MSFT] (ericf@online.microsoft.com)
Date: 01/30/03
- Next message: Eric Fitzgerald [MSFT]: "Re: Anonymous Logon in Event Log"
- Previous message: Eric Fitzgerald [MSFT]: "Re: Changeing of object ownership detection via Event Viewer"
- In reply to: Nagaraj: "$ ACCOUNT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eric Fitzgerald [MSFT]" <ericf@online.microsoft.com> Date: Wed, 29 Jan 2003 18:06:34 -0800
You might have a rogue administrator starting a process as localsystem and
deleting the account. Find out who was logged on to the system at the time
(pair up your logon/logoff audits [528 & 538], and find the pairs that
bracket this event).
Eric
-- Eric Fitzgerald Program Manager, Windows Auditing and Intrusion Detection Microsoft Corporation This posting is provided "AS IS" with no warranties, and confers no rights. "Nagaraj" <raju@stylusinc.com> wrote in message news:04c601c2c2f7$938fca20$8df82ecf@TK2MSFTNGXA02... > Hi. > I have installed Windows 2000 server with SP3.and I have > installed ADS also, Now in ADS accounts get deleted > automatically . Our server name is HERA See the following . > User Account Deleted: > Target Account Name: harish > Target Domain: STYLUSINC > Target Account ID: harish > DEL:9dcf449f-8d6f-47e2-93be-fc2241cd6863 > Caller User Name: HERA$ > Caller Domain: STYLUSINC > Caller Logon ID: (0x0,0x3E7) > Privileges: - > > What is this HERA$ account, and why it is deleting the > user accounts automatocally. > Please help me , > > Regards > Raju >
- Next message: Eric Fitzgerald [MSFT]: "Re: Anonymous Logon in Event Log"
- Previous message: Eric Fitzgerald [MSFT]: "Re: Changeing of object ownership detection via Event Viewer"
- In reply to: Nagaraj: "$ ACCOUNT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
