Re: Help with Security Audits

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/01/05 

Date: Wed, 1 Jun 2005 11:25:56 -0500

Check to see if there is a local user account by that name on the server.
The command net users would be a quick way. For a domain computer, domain
accounts could also be used to attempt access. When you say profile I don't
know if you mean user account or user profile as the term seems to be
interchanged a lot. A profile will not be created until the user logs onto
the computer at the console or via TS. If that computer should not be
offering network shares then disable file and print sharing on it or modify
the user right for access this computer from the network to include only the
users/groups that should be accessing shares on the computer. It would also
be a good idea to have auditing of account management enabled to see if
unauthorized user accounts are being created/deleted. --- Steve

"WP" <WP@discussions.microsoft.com> wrote in message
news:7921EF0D-005C-4A69-B3EF-54DAE1B11FE0@microsoft.com...
>I have a win2k terminal server with citrix installed
> I have auditing setup on this server for successful and unsuccessful logon
> events
> In my event viewer I have this
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 540
> Date: 6/1/2005
> Time: 6:36:40 AM
> User: RMH\ecoombs
> Computer: RMH-CITRIX-1
> Description:
> Successful Network Logon:
> User Name: xxxxxxx
> Domain: xxxxx
> Logon ID: (0x0,0xE5CD350)
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: xxxxxxxx
> This user doesnt show a profile on the server so I am wondering how to
> track
> down what type of activity it was
> This user shouldnt be accessing this server
> Thanks in advance
>

Relevant Pages

  • Re: mydocuments missing after logff logon sbs2003 win xp
    ... another domain user account, and logon another client computer with this ... I think this user profile on this ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Problems with Domain Join for XPE FP2007
    ... If you logon to local account, are you able to get to domain resources using the same domain user account ... you can enable audit and logging on the server side and see why it is rejecting the client logon request. ... try to do a domain join, I'm getting various errors that prevent the ...
    (microsoft.public.windowsxp.embedded)
  • Re: Calling NetUserChangePassword for changing other user password
    ... I perform a logon via the function ... 'NetUserChangePassword' with the Target user... ... A server or domain can be configured to require a user ... group or the user can change the password for a user account. ...
    (microsoft.public.windows.server.networking)
  • Re: Changed Name & Lost Access
    ... The default administrator account is a user account and if you have fast ... then both will come up on the blie XP logon screen. ... Advanced, User profiles, and copy the "Preferred Customer" profile to the ...
    (microsoft.public.win2000.dns)
  • Re: Default printers
    ... Everyone has a roaming profile, specifically to be able to logon to a spare ... workstation in case theirs goes down. ... (like the one that is the default on the server), ...
    (microsoft.public.windows.server.sbs)