Re: Security Event Logs / Network access
- From: jwgoerlich@xxxxxxxxx
- Date: Fri, 21 Dec 2007 03:25:39 -0800 (PST)
Hello Jeff,
Yes, I agree with your analysis. The network print job requires a
network login. This gets logged in the sequence you mentioned.
J Wolfgang Goerlich
On Dec 20, 11:35 am, Jeff <J...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello everyone,
Had a minor issue this morning with a client machine on our network
regarding thesecuritylogs being full and not allowing a user-level login
that wasn't an admin. This isn't the problem I am asking about however, this
has been corrected.
It prompted me to take a look into that computers event logs and it seems
that there are a lot of logon events for a particular user in thesecurity
log. This user however, prints to a shared printer on the target computer.
The machines are both Windows XP, sp2, running on a Windows 2003 ADS network.
The event logs in question are:
1st
Event ID: 576
Special privileges assigned to new logon
2nd
Event ID: 540
Successful Network Logon
3rd
Event ID: 538
User Logoff
I'm thinking that because the user prints to that printer on the target
machine, that thesecuritylog is simply tracking these 3 events every time
the user prints, is this correct?
It makes sense to me but I wanted to verify with someone else that these
events are perfectly normal and there shouldn't be asecuritybreach.
We're often so busy here that we don't have time to review logs very often..
--
Thanks, Jeff
.
- Prev by Date: Windows Automatic Updates
- Next by Date: Re: BE greatly surprised and pleased - *SPAM*
- Previous by thread: Windows Automatic Updates
- Next by thread: Re: BE greatly surprised and pleased - *SPAM*
- Index(es):
Relevant Pages
|
|
