I'm stumped with an issue on a webserver. This is a Win2000 Std Server that acts as our internal webserver and also serves as our antivirus distribution server.
We started receiving failed logons from our security log last week. The logon indicates the user was connecting through the localhost. There are entries for both success and failure for the logon. But the logon doesn't appear to start any processes or services. Indeed, it looks like all it's doing is opening a folder, like it's a local session with the folder left open. In reality, there's no local logon, neither locally nor from the network. If I allow the user, and the user ID is my other network admin, to log on as a service, the security log no longer logs a failure but instead a success.
There are lots of logons and logoffs, but in essence the only result I see is this odd open folder.
Any rough ideas on how I can track down the session? I've cross-checked all processes and services with no success. Also, every suspect process I've halted has had no effect on the mystery session. It doesn't appear to have any effect on the server, but it's just bugging the hell out of me.