Re: Security Log file full often
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Dec 2005 12:08:09 -0600
By default the security log is very small in size and you may want to
increase it to at least 5MB. Anonymous logons are normal in a network where
you are using file and print sharing and netbios over tcp/ip is enabled as
the computer browser service uses anonymous logon/null sessions to build and
maintain the browse list that you see in My Network Places. Of course you
should only be seeing computer names you recognize using a firewall to
protect your network from untrusted networks such as the internet. This
particular computer could also be seeing more then normal activity if it is
a master browser or backup browser. You can use the command nbtstat -n to
see if it is either of those. --- Steve
Example of nbtstat -n output
D:\Documents and Settings\Steve>nbtstat -n
Local Area Connection:
Node IpAddress: [192.168.1.52] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
STEVE-XP <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
STEVE-XP <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
"Troy" <nospam> wrote in message
news:OdPJhlxBGHA.3980@xxxxxxxxxxxxxxxxxxxxxxx
>I have a workstation that the security log file gets full every few days.
>I
> saved and cleared the log file again this morning. The only entries are
> events 538 and 540's from the domain controller and another workstaion.
> Why am I seeing anonymous logins from another workstation?
>
> thanks!
>
>
.
- References:
- Security Log file full often
- From: Troy
- Security Log file full often
- Prev by Date: Re: Purge cached Credentials
- Next by Date: Re: Access denied to event viewer?
- Previous by thread: Re: Security Log file full often
- Next by thread: Win2k3/IIS Kerberos challenges
- Index(es):
Relevant Pages
|
|
