NtLmSsp -- Login

From: Greg (greg_68_at_hotmail.com)
Date: 07/13/03

Next message: Steven Umbach [MVP]: "Re: IPSEC"
Previous message: Dmitry Korolyov: "Re: Alerting deletion of SAM"
Next in thread: Steven Umbach [MVP]: "Re: NtLmSsp -- Login"
Reply: Steven Umbach [MVP]: "Re: NtLmSsp -- Login"
Reply: Eric Fitzgerald [MSFT]: "Re: NtLmSsp -- Login"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 12 Jul 2003 16:06:58 -0700

I was looking through the security section of the event viewer and found a
login and was hoping someone could tell me how the login was done (remote
login or local login).:

Successful Network Logon:
  User Name:
  Domain:
  Logon ID: (0x0,0xA3B6)
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name:
  Logon GUID: -
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transitted Services: -
  Source Network Address: -
  Source Port: -

The event viewer title for this event shows Anonymous login. What login
process is NtLmSsp?

Thanks.

Next message: Steven Umbach [MVP]: "Re: IPSEC"
Previous message: Dmitry Korolyov: "Re: Alerting deletion of SAM"
Next in thread: Steven Umbach [MVP]: "Re: NtLmSsp -- Login"
Reply: Steven Umbach [MVP]: "Re: NtLmSsp -- Login"
Reply: Eric Fitzgerald [MSFT]: "Re: NtLmSsp -- Login"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Login Errors Seem to indicate we are being hacked?
... I've got ISA configured so it only allows SMTP and RWW, and I use RWWGuard for RWW security, so I'm confident that in my case it can't be anything but SMTP. ... Logon Failure: ... Caller User Name: SERVER01$ ... Ie what is a logon type 3 and what do the caller Login ...
(microsoft.public.windows.server.sbs)
Re: Event ID 529, NTLMSSP error from a foreign computer
... I'd be looking internal...an unsecured wireless access point, or somebody plugging a laptop into an unsecured port, etc. ... Logon Failure: ... Caller User Name: - ... what kind of login attempt would it be? ...
(microsoft.public.windows.server.sbs)
Re: NtLmSsp -- Login
... type three is a network logon. ... > login and was hoping someone could tell me how the login was done (remote ... > The event viewer title for this event shows Anonymous login. ...
(microsoft.public.win2000.security)
Re: Hacking attempts?
... Event Source: Security ... Logon Failure: ... Caller User Name: SERVER$ ... Upon examining the security logs, I discovered that there were 9 login attempts a second, trying to login to the RWW with random user names. ...
(microsoft.public.windows.server.sbs)
Re: Hacking attempts?
... Event Source: Security ... Logon Failure: ... Caller User Name: SERVER$ ... Upon examining the security logs, I discovered that there were 9 login attempts a second, trying to login to the RWW with random user names. ...
(microsoft.public.windows.server.sbs)