Re: Computer Account Changed, by NT AUTHORITY\ANONYMOUS LOGON?!

It is not unusual to see null sessions entries in the security log. The
event below looks like it was to indicate that the computer password was
changed. I would not worry if the computer functions fine and passes the
netdiag test for secure channel which is what the computer password is used
for. I would be more concerned when seeing unexplained logons of user
account that are in privileged groups or repeated logon failures for
privileged group users such as administrator. --- Steve


<kj@xxxxxxxxx> wrote in message
news:1151948938.995954.25420@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

I recently noticed this popping up in the securiry section of event
viewer:

Computer Account Changed:
-
Target Account Name: JARR03$
Target Domain: JARR
Target Account ID: JARR\JARR03$
Caller User Name: SERVER$
Caller Domain: JARR
Caller Logon ID: (0x0,0x3E7)
Privileges: -
Changed Attributes:
Sam Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: 7/3/2006 6:22:28 PM
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: -
New UAC Value: -
User Account Control: -
User Parameters: -
Sid History: -
Logon Hours: -
DNS Host Name: -
Service Principal Names: -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I haven't seen this message before and it only occours once per
computer. What worries me is how the 'User' is NT AUTHORITY\ANONYMOUS
LOGON

Is this something to be worried about?



.

Relevant Pages