Re: Help with Security Audits
From: barry (bmercer_at_bnota.tk.com)
Date: 06/01/05
- Next message: WP: "Re: Help with Security Audits"
- Previous message: WP: "Help with Security Audits"
- In reply to: WP: "Help with Security Audits"
- Next in thread: WP: "Re: Help with Security Audits"
- Reply: WP: "Re: Help with Security Audits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 01 Jun 2005 13:36:58 GMT
"WP" <WP@discussions.microsoft.com> wrote in message
news:7921EF0D-005C-4A69-B3EF-54DAE1B11FE0@microsoft.com...
>I have a win2k terminal server with citrix installed
> I have auditing setup on this server for successful and unsuccessful logon
> events
> In my event viewer I have this
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 540
> Date: 6/1/2005
> Time: 6:36:40 AM
> User: RMH\ecoombs
> Computer: RMH-CITRIX-1
> Description:
> Successful Network Logon:
> User Name: xxxxxxx
> Domain: xxxxx
> Logon ID: (0x0,0xE5CD350)
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: xxxxxxxx
> This user doesnt show a profile on the server so I am wondering how to
> track
> down what type of activity it was
> This user shouldnt be accessing this server
> Thanks in advance
>
logon type 3 is network logon.
- Next message: WP: "Re: Help with Security Audits"
- Previous message: WP: "Help with Security Audits"
- In reply to: WP: "Help with Security Audits"
- Next in thread: WP: "Re: Help with Security Audits"
- Reply: WP: "Re: Help with Security Audits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
