Hello all,
We are running NT4.0 SP6a with win98SE clients.
Ive just inherited the network and I know we shouldnt be running all these services on PDC, but on the PDC we have: WINS, DHCP, Exchange 4.5, RAS, Proxy 2.0
Along time before i came here IIS4 was also running on the PDC, but was removed and we no longer have any machines running IIS on our network.
When I started I discovered that both the IWAM_ and IUSER_<servername> accounts were both still active, dispite us not having IIS installed. Its been along time since ive used IIS, but I thourght these accounts were used by NT to authenticate web clients. (of which we have none)
So I disabled both accounts, but occasionally we recieve a load of event errors (ID 100: W3SVC) saying that the server was unable to log onto the IUSER_ account as the account is disabled.
Does anyone have any ideas to why the server is trying to use the iuser_ account. Is someone trying to hack us or what?
And how do I get more information about whats going on the the system other then the little info that event Viewer gives?
Thanks in advance for any information or help.
Julian K
MCSE/MCP+I
We are running NT4.0 SP6a with win98SE clients.
Ive just inherited the network and I know we shouldnt be running all these services on PDC, but on the PDC we have: WINS, DHCP, Exchange 4.5, RAS, Proxy 2.0
Along time before i came here IIS4 was also running on the PDC, but was removed and we no longer have any machines running IIS on our network.
When I started I discovered that both the IWAM_ and IUSER_<servername> accounts were both still active, dispite us not having IIS installed. Its been along time since ive used IIS, but I thourght these accounts were used by NT to authenticate web clients. (of which we have none)
So I disabled both accounts, but occasionally we recieve a load of event errors (ID 100: W3SVC) saying that the server was unable to log onto the IUSER_ account as the account is disabled.
Does anyone have any ideas to why the server is trying to use the iuser_ account. Is someone trying to hack us or what?
And how do I get more information about whats going on the the system other then the little info that event Viewer gives?
Thanks in advance for any information or help.
Julian K
MCSE/MCP+I