Re: change administrator password
From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/16/04
- Next message: roy appleton: "Windows 2000 Log On"
- Previous message: Miha Pihler: "Re: loopholes in win 2000 & how we can break sam file"
- In reply to: Bob: "change administrator password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 Sep 2004 15:13:30 +0200
Hi Bob,
It could be just about anything. E.g. network mapping that use old password
or scheduled jobs etc.
Here is tool from Microsoft that might be able to help you out figure out
what process is causing you these problems.
Account Lockout and Management Tools
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
I hope it helps,
Mike
"Bob" <bob@hotmeel.com> wrote in message
news:41495f7e$0$18552$ba620e4c@news.skynet.be...
> We have 2 domaincontrollers with Windows 2000 Server SP3.
> Since I changed the administrator password, I get a lot of these events in
> the Security Event Viewer (see below).
>
> Is it possible that some processes or programs still try to use the old
> password?
> Is there a procedure to follow when changing the administrator password,
> just to be sure that the new password is transfered to all processes on
all
> the DC's.
> I also have some PC's which are used p.e. as printserver or antivirus
> updateserver, that start with the administrator password or wiht a user
with
> administrator priviliges. Is there a way to submit the new administrator
> password to processes that run on such PC's?
>
> I must say, all the programs that run on our servers : Exchange, Arcserve
> Backup, F-Secure Antivirus, Progress Database,... seem to work fine.
> So why all these event messages?
>
> Kind regards,
>
> Bob Goetschalckx
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 10/09/2004
> Time: 20:11:32
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: out_domain\Administrator
> Domain: NameOfDC
> Logon Type: 3
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: NameOfDC
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 681
> Date: 10/09/2004
> Time: 20:11:32
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> The logon to account: out_domain\Administrator
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> from workstation: NameOfDC
> failed. The error code was: 3221225572
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 677
> Date: 10/09/2004
> Time: 15:12:25
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Service Ticket Request Failed:
> User Name: NameOfDC$
> User Domain: out_domain
> Service Name: krbtgt/our_domain
> Ticket Options: 0x2
> Failure Code: 0x20
> Client Address: 127.0.0.1
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 10/09/2004
> Time: 10:11:13
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: administrator
> Domain: our_domain
> Logon Type: 2
> Logon Process: User32
> Authentication Package: Negotiate
> Workstation Name: NameOfDC
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 677
> Date: 16/09/2004
> Time: 5:01:03
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Service Ticket Request Failed:
> User Name: NameOfDC$
> User Domain: out_domain
> Service Name: ldap/NameOfDC.our_domain.be
> Ticket Options: 0x40810010
> Failure Code: 0x6
> Client Address: 127.0.0.1
>
>
>
- Next message: roy appleton: "Windows 2000 Log On"
- Previous message: Miha Pihler: "Re: loopholes in win 2000 & how we can break sam file"
- In reply to: Bob: "change administrator password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
