Help from an MVP would be greatly appreciated.....
From: david (david_at_clinch1535.freeserve.co.uk)
Date: 08/18/03
- Next message: st0rmraven: "sethook.exe"
- Previous message: st0rmraven: "security issue with windows"
- In reply to: David Jones: "Help from an MVP would be greatly appreciated....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 17 Aug 2003 23:37:57 -0700
>-----Original Message-----
>I'm not an MVP, but I can answer most of these.
>
>>1) Is it normal to read of 'failed security audits' due
>>to 'bad user/password' when I have successfully logged
>>on, and I am the only person able to (physically)
access
>>my computer?
>
>If you use the "Welcome Screen" (the screen where you
>click your username to log on), yes, this is normal if
>the times on the failures match up with the times you
>were at the welcome screen. There's a KB article
>somewhere that talks about this.
>
>>
>>2) Why does the security log keep recording instances
>>of 'anonymous log-on's on my system, from (3) locality
>ie
>>remote access?
>
>Anonymous logons are connections that do not provide
>usernames or passwords. By default anonymous logons
have
>almost no rights at all, although in some cases they can
>get a list of visible shares on the machine and a couple
>things like that. If that worries you, search Google
>for "RestrictAnonymous" and you'll get a ton of
>information on this behavior and the way to set what you
>want.
>
>Note that if you are using a firewall on your Internet
>connection that blocks incoming traffic, it becomes very
>difficult for people to do things like this, or
>otherwise 'hack' your machine.
>
>>
>>3) My security logs show that earlier this month
>>a 'package' was left which would notify the deliverer
of
>>any changes to passwords and or user id's on my system.
>>Again, I am the only person who can physically access
my
>>computer.
>
>A lot of these particular events are benign, they are
>system processes that handle remote access and security
>functions - if they didn't load, your machine would be
>having lots of trouble. Examples include LSASS, RasMan,
>Winlogon, etc. What particular load is in the messages
>you have?
>.
>
Thanks for your advice Dave; it has certainly helped me
out. I'll have to check back in the security logs to see
exactly what was loaded but I thought it odd that someone
else would be receiving notification of any changes in my
user ID's or passwords. Also, before this had happened,
there were a number of attempted logins using various
user ID's. Sorry I forgot to mention this before but I
was just desperate to get an answer on my
imediate 'problems'...........
- Next message: st0rmraven: "sethook.exe"
- Previous message: st0rmraven: "security issue with windows"
- In reply to: David Jones: "Help from an MVP would be greatly appreciated....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
