|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Troubling event 540I have been getting these logs since 12/19. Workstation is unknown to us. I am very concern. Any ideas? hackers? Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 1/4/2007 Time: 9:35:43 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: TS2 Description: Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x6AB9DB) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: CAFEMGR2 Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: XX.XXX.XXX.65 Source Port: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------------------------------------------------- Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 538 Date: 1/4/2007 Time: 9:35:53 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: TS2 Description: User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x6AB9DB) Logon Type: 3 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Do you have VPN users?
Is TS2 a terminal server?? If it is then an older version of the terminal server client can cause a "anonymous" type log entry when it connects but before the acuall "sucessful" login.. By simply connecting to request the login.. You can use 2X SecureRDP as a tool to both restrict older client versions and beef up security all around... and it's FREE. I don't recal the address, you'll have to Google it. Cheers Show quoteHide quote "tnt" <t**@discussions.microsoft.com> wrote in message news:918E3EE4-8942-4945-B439-7DC8BDF285EA@microsoft.com... > Hi, > > I have been getting these logs since 12/19. Workstation is unknown to us. > I am very concern. Any ideas? hackers? > > Event Type: Success Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 540 > Date: 1/4/2007 > Time: 9:35:43 AM > User: NT AUTHORITY\ANONYMOUS LOGON > Computer: TS2 > Description: > Successful Network Logon: > User Name: > Domain: > Logon ID: (0x0,0x6AB9DB) > Logon Type: 3 > Logon Process: NtLmSsp > Authentication Package: NTLM > Workstation Name: CAFEMGR2 > Logon GUID: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: XX.XXX.XXX.65 Source Port: 0 > > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ------------------------------------------------------- > > Event Type: Success Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 538 > Date: 1/4/2007 > Time: 9:35:53 AM > User: NT AUTHORITY\ANONYMOUS LOGON > Computer: TS2 > Description: > User Logoff: > User Name: ANONYMOUS LOGON > Domain: NT AUTHORITY > Logon ID: (0x0,0x6AB9DB) > Logon Type: 3 > > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > >  
Thread options
Other interesting topics
Folder redirection not working
Option 135 not available in DHCP Scope Options Mapped Drives keep disappearing Intermittent Very Long domain logon time Standalone antivirus for Windows 2003 Server Standard DOS Programs won't Run! script out server information R2 DFS problems Windows 2003 Performance vs. 2000 Server LocalSystem execution rights |
|||||||||||||||||||||||
