Re: Event Viewer

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/07/03

• Next message: Steven L Umbach: "Re: Reference memory Error"
• Previous message: Vicky: "Reference memory Error"
• In reply to: CC: "Event Viewer"
• Next in thread: CC: "Re: Event Viewer"
• Reply: CC: "Re: Event Viewer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 07 Dec 2003 01:04:36 GMT

The link below explains some of the Event ID's you are seeing. He is authenticating
against your computer for some reason and probably nothing to worry about. You could
try to temporarily add his user account to "deny access to this computer from the
network" user right in Local Security Policy and reboot. Then he should get some
error message on his computer when the application/process that needs authentication
fails. --- Steve

http://is-it-true.org/nt/atips/atips155.shtml

"CC" <cgdev1@yahoo.com> wrote in message
news:86d8abb3.0312061308.7b7dbf5d@posting.google.com...
> Why does a coworker's userID appear as a user in my Event Viewer
> Security Log so often??
>
> Here's an example..
> Date: 12/5/2003 Source: Security
> Time: 8:00 Category: Logon/Logoff
> Type: Success Event ID: 540 (sometimes says 538)
> User: OurDomainName\HisUserID
> Computer: MycomputerName
>
> Successful Network Logon:
> User Name: HisUserID
> Domain
> Logon ID: (0x0,0x2SAF83B)
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name:
>
> This seemed to have started when I logged into our network on his
> laptop to install a VB program. We both use Windows 2000 (though I
> have a desktop). Is it possible it has anything to do with MSN
> Messenger? I seem to get an entry in my Security Log every time he
> starts his Messenger.
>
> Please Help!! Doesn't look good to have his name all over my security
> log!
> I'm not very familiar with security, so pardon me if I'm posting to
> the wrong place.

---

• Next message: Steven L Umbach: "Re: Reference memory Error"
• Previous message: Vicky: "Reference memory Error"
• In reply to: CC: "Event Viewer"
• Next in thread: CC: "Re: Event Viewer"
• Reply: CC: "Re: Event Viewer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Unusual logon / logoff Security event log ... I researched the MPS Report but didn't find the Security log. ... Click Services tab and select Hide All Microsoft Services and Disable ... and a logon GUID. ... (microsoft.public.windows.server.sbs) Re: username:password @domain.com ... Set the logon parameter to |Automatic logon only in Intranet ... The tool-tip that details the User Authentication settings is ... Logon session details, it does not make explicit mention of it, ... no guarantees as to the security of this implementation. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: IIS6 prompting for username and password ... Security log was full. ... > Logon Failure: ... > Caller User Name: NETWORK SERVICE ... (microsoft.public.inetserver.iis.security) Re: How to find out what computer a user logged in on. ... For a domain your best bet is to enable auditing of logon events in Domain ... Controller Security Policy and for domain computers enable auditing of logon ... security log quite a bit on your domain controllers to sat at least 10MB. ... (microsoft.public.win2000.security) Re: tracking users login and logoff ... With PRO you can use Local Security Policy (Control Panel, ... Audit Account Logon Events Success and/or failure) ... Start, Run, Eventvwr.msc and look in the Security Log. ... (microsoft.public.windowsxp.customize)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)