Re: Domain Security
- From: Pheylan <Pheylan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 10 Mar 2006 14:10:40 -0700
JPrice wrote:
Thank you for your reply. I have read all these articles, but I still have the CEO of the company breathing down my neck for answers. He doesn't want to hear "Microsoft says its something that can be ignored". I have to come up with something :)
Thanks in advance.
"JPrice" wrote:
I currently have a domain with 30 clients. Recently one of the users somehow ran across their Administrative tools in the control panel on their Windows XP Professional machines. They happen to look in the event viewer (not a place a user should be in this case). He happen to see a couple Failure audits, mainly the same time he goes to lunch. It's event id 529. He then proceeded to tell all the people except for the person's name that is in the event. As it turns out, only 3 workstations have this issue. Human Resources, Payroll, and the owner of the company. Now it's become a question of "is he trying to hack us?". According to most Microsoft answers, it's nothing to be worried about, but now they want a better answer. I do not have an answer for this. Can someone help me out?
Could you post the content of the Event, obfuscating anything sensitive? It could help to have some more specifics about what user type and which services are reacting.
.
- Prev by Date: locking down desktops
- Next by Date: Re: Win XP SP2 Security Center says my PC may be vulnerable
- Previous by thread: locking down desktops
- Next by thread: Re: Domain Security
- Index(es):
