Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question about events in the event viewer on Xp machines.

Status
Not open for further replies.
craiga1027

craiga1027

IS-IT--Management
May 2, 2003
11
0
0
US
We have a computer running Windows ME that registers an even on each Windows XP machine on our network each morning when the computer in question logs into the network. There is no reference to the computer logging on to our domain server.
The event on each XP machine is as follows.

Event

Date: 1/13/04 Source: Security
Time: 07:16:12 Category Logon/Logoff
Type: Success A Event ID: 540
Usser: Okagriculture\{username}
Compuer: {computer name}

Description
Successful Network Logon:
Username: {username}
Domain: {domain name}
Logon ID:
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation: \\{computername}
Logon GUID:
This happens every morning when this computer logs onto the network.

Is there a virus that attempts to connect to all Windows XP machines or a known vulnerability. (all windows updates have been performed)
 
Sort by date Sort by votes
See if a LAN management package is running on the machine, or a packet sniffer.

As far as I know the only vulnerability was in the original NT OS; that it poses no vulnerabilities for Win2k or XP.
 
Upvote 0 Downvote
This event indicates that a remote user has successfully connected from the network to a local resource on the workstation, generating a token for the network user. For example, mapping a drive to a network share or logging with an account whose profile has a drive mapping would generate this auditing message.
is very helpful in searching Event ID's as well as
Cliff, CCNA/MCSE/MCSA 2000
Network Administrator
 
Upvote 0 Downvote
Techy69,

Yes, but...
This is not "standard" behavior.
 
Upvote 0 Downvote
It is probably the "ME" part after Windows on that machine :)

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator
 
Upvote 0 Downvote
I was wondering exactly that point.

Do you know if ME asserts this by default?
 
Upvote 0 Downvote
I do not have a lot of exposure on ME, but it is worth researching. I will let you know if I find anything.

Cliff, CCNA/MCSE/MCSA 2000
Network Administrator
 
Upvote 0 Downvote
Thanks.

I will still hold to my belief that a third-party LAN management package, or a packet sniffer was installed until I hear from your or the original poster.
 
Upvote 0 Downvote
Thanks for all the info. I am check it out and see if there is any lan management software or packing sniffing software running.

**I am not real familar with windows me either, but we have several computers running me and there is only one with this unique problem.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
252
Flinx
Flinx
spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
86
spamjim
spamjim
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
87
bobadams52
bobadams52
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
220
Ign3us
Ign3us
pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
123
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top