Odd behaviour from LAN PC - every 2 hours

Status
Not open for further replies.

dentarthurdent

Technical User
Jul 2, 2002
95
GB
I've noticed some behaviour from an NT workstation on my NT domain LAN that I can't explain. The user has a habit of leaving the computer on at night and when he does I get a series of domain logons appearing in the event log of the domain controller. The logons are from his workstation, using his username.
2 things struck me. 1st that the logons are exactly 2 hours apart. 2nd that the duration of the session is exactly 15 mins each time.
I'm sure there must be a simple explanation for this that is staring me in the face but I'm afraid I can't see it.
I have checked for spyware and viruses and can't find any trace.

Thanks, Will.
 
Apart from the usual services there are a few Compaq specific services listed (remote diagnostics, web agents etc). The messenger service is also running. However I don't think there's anything that different from the other workstations.
Dameware remote utilities were also installed (these are no longer needed and I have removed them). I wonder if this is the problem? I'll see what happens now.

Will.
 
Using NetMeeting to dial in from home?

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first
 
I believe the default idle connection logoff time is 15 minutes, so that would explain the connection duration.
 
Chip H,

Not currently using NetMeeting but have done in the past. Why do you ask?

Will.
 
You would see a logon request from it when they connect.

It is odd, though, that it's 2 hours on the nose. Would have to be a piece of software.

Maybe some spyware, or perhaps some p2p sharing program? Could even be a screensaver.

Chip H.


 
The workstation uses DHCP but this should not require authentication.
I'm going to put a sniffer on his machine overnight to see where it goes on its midnight wanderings. I just know this is going to turn out to be something really boring when I find it (although I don't know why that should disappoint me!).

Thanks,
Will.
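
Added example, not part of the thread: one way to confirm the pattern from the first post (logons from one workstation at a fixed interval, each session the same length) from exported logon/logoff records. The record format, host names, user names and the 30-second tolerance are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: timestamp,event,workstation,user. A simplified stand-in
# for logon/logoff records exported from the domain controller's event log.
SAMPLE = """\
2003-03-10 20:00:05,logon,WS07,jsmith
2003-03-10 20:15:05,logoff,WS07,jsmith
2003-03-10 22:00:06,logon,WS07,jsmith
2003-03-10 22:15:07,logoff,WS07,jsmith
2003-03-11 00:00:05,logon,WS07,jsmith
2003-03-11 00:15:05,logoff,WS07,jsmith
2003-03-10 20:41:10,logon,WS02,akhan
2003-03-10 21:03:55,logoff,WS02,akhan
2003-03-10 23:17:30,logon,WS02,akhan
2003-03-10 23:19:02,logoff,WS02,akhan
2003-03-11 01:58:44,logon,WS02,akhan
2003-03-11 02:40:00,logoff,WS02,akhan
"""

def parse(text):
    """Group events by (workstation, user), each group sorted by time."""
    groups = defaultdict(list)
    for line in text.strip().splitlines():
        ts, event, host, user = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        groups[(host, user)].append((when, event))
    return {k: sorted(v) for k, v in groups.items()}

def find_periodic(text, jitter=timedelta(seconds=30), min_gaps=2):
    """Return {(host, user): (period, session_length)} for fixed-interval logons."""
    flagged = {}
    for key, events in parse(text).items():
        logons = [t for t, e in events if e == "logon"]
        gaps = [b - a for a, b in zip(logons, logons[1:])]
        if len(gaps) < min_gaps or max(gaps) - min(gaps) > jitter:
            continue  # too few logons, or intervals vary the way a person's do
        sessions, start = [], None
        for t, e in events:  # pair each logon with the logoff that follows it
            if e == "logon":
                start = t
            elif start is not None:
                sessions.append(t - start)
                start = None
        flagged[key] = (median(gaps), median(sessions) if sessions else None)
    return flagged

if __name__ == "__main__":
    print(find_periodic(SAMPLE))
```

A flagged account with a near-constant period points at a timer in software on that workstation rather than a person, which narrows the overnight capture to the minutes around each expected logon.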
 