Re: Event Viewer/Security
- From: "BrianF" <bk266378@xxxxxxxxx>
- Date: Wed, 28 Feb 2007 10:29:34 +0100
"Wesley Vogel" <123WVogel955@xxxxxxxxxxx> wrote in message
news:O6X%23vprWHHA.488@xxxxxxxxxxxxxxxxxxxxxxx
ID: 576Thanks Wes. I guess it's not important that none of those articles cover
Source: Security
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.0&EvtID=576&EvtSrc=Security&LCID=1033
Event ID: 576
Source Security
http://www.eventid.net/display.asp?eventid=576&eventno=58&source=Security&phase=1
No need to subscribe to EventID.net....
M174074 is
Security Event Descriptions
http://support.microsoft.com/kb/174074
M264769 is
Event ID 576 Fills the Security Event Log When Auditing
http://support.microsoft.com/kb/264769
M822774 is
System Performance Decreases, and Many Event ID 576 Entries Are Logged to
the Security Event Log
http://support.microsoft.com/kb/822774
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:45e46d95$0$2938$ba620e4c@xxxxxxxxxxxxxx,
BrianF <bk266378@xxxxxxxxx> hunted and pecked:
I seem to be getting a large number of logon entries in this folder, most
successful but an occasional block of five failed entries saying an
incorrect password was attempted. This is quite worrying because I cannot
identify the origin of these attempts.
The PC has been thoroughly scanned for viruses, trojans and malware but
all come back negative - not surprising as I have a NAT router, personal
firewall, AVG, Windows Defender and PestPatrol all active.
On the other hand, I have three PCs running WindowsXP Pro and it is only
this one that has this problem.
An example of one random entry is:
Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Does this suggest anything to any of the experts here?
WinXP Pro specifically. In any case, they led me to the policies section of
Admin Tools where I see there is a whole bunch of stuff that I have never
had reason to look at previously. Consequently, I can confirm that I have
never set any of those policies and I'm not sure that I would dare to make
any changes without a bit more education on the subject.
Presumably all of these entries are relatively insignificant unless
associated with some other more direct warning, such as a flag from Windows
Defender or the AV program.
This morning, I noted 53 entries in the security log during the first 10
minutes after switching on. Five of those were the Audit Fail block that I
mentioned above. Most of the entries are 576 or 528 events. I just can't
understand why this machine logs these events whereas my two others do not,
especially as I have not set the security policies on any of them.
brianf
.
- References:
- Re: Event Viewer/Security
- From: Wesley Vogel
- Re: Event Viewer/Security
- Prev by Date: Simple XP security question
- Next by Date: Re: Question on Using NTBACKUP
- Previous by thread: Re: Event Viewer/Security
- Next by thread: Re: Unable to create account. Win XP SP2
- Index(es):
Relevant Pages
|
|
