Re: Security Event ID 534

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/24/05 

Date: Wed, 23 Feb 2005 22:34:54 -0600

I am not sure exactly what is going on but the reason would be a lack of
privilege for the user right for access this computer from the network. You can
open Local Security Policy and go to security settings/local policies/user
rights and check for that user right and for deny access to this computer from
the network that will override any allow settings to make sure it is correct.
Normally at least users and administrators have the user right to access this
computer from the network. Check the application and system logs to see if there
any other possible events correlating to these errors by time. ---- Steve

"Richard Smith" <RichardSmith@discussions.microsoft.com> wrote in message
news:9DC611AD-F31E-4F9B-9E71-DFBBE7F000D7@microsoft.com...
> Hello,
>
> I am seeing alot of these Security Event Log errors on my Windows 2000
> Server.
>
> Type: Audit Failure
> Source: Security
> Event ID: 534
> Event Time: <Date and Time>
> User: NT AUTHORITY\SYSTEM
> Computer: <computername>
> Description:
> Logon Failure:
> Reason: The user has not been granted the requested
> logon type at this machine
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
>
> The error seem to be saying that the SYSTEM account is trying to logon from
> the Network (logon type 3) and is failing. However I dont understand why the
> local System account would be accessing the server from the network! Doesnt
> make sense to me.
>
> Any light that could be shed on why Im getting these errors, would be a huge
> help.
>
> Many Thanks
>
> Richard

Relevant Pages

  • RE: Offer Remote Assistance - "Permission denied" - Windows XP SP2
    ... I am on a Novell network. ... > being made from and under the security context of a Local AND Domain ... > Allow logon through Terminal Services Administrators,Remote Desktop Users ... > Back up files and directories Administrators ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Help, Ive been hacked
    ... ID: 540 Source: Security ... > Event Type: Failure Audit ... > Event Category: Account Logon ... Your computer was not able to renew its address from the network ...
    (microsoft.public.windowsxp.security_admin)
  • Re: ATTN : Microsoft - Security Event 529....Second Request for help....
    ... According to the events, the logon ... failure is from the local machine account. ... disconnected from the network. ... Security Event ID 529 is a failure audit for logon/logoff. ...
    (microsoft.public.windows.server.sbs)
  • Re: No Shut Down or Restart for Domain Admins
    ... run rsop.msc from your DC and check which policy is responsible to this. ... I have created a group policy in a development network and imported it ... NT AUTHORITY\Authenticated Users Read (from Security Filtering) No ... Enforce user logon restrictions Enabled ...
    (microsoft.public.windows.server.active_directory)
  • Re: Unknown Domain user - domain authentication appears limited
    ... It sounds as if security policy changes were implemented without testing ... first in a test network or Organizational Unit which probably was not your ... Also keep in mind that deny logon locally and deny access to this ... > requested logon type at this computer. ...
    (microsoft.public.windows.server.security)