Help from an MVP would be greatly appreciated.....

  • Thread starter Thread starter david
  • Start date Start date
D

david

I would greatly appreciate somebody allaying my fears
regarding the following issues:

1) Is it normal to read of 'failed security audits' due
to 'bad user/password' when I have successfully logged
on, and I am the only person able to (physically) access
my computer?

2) Why does the security log keep recording instances
of 'anonymous log-on's on my system, from (3) locality ie
remote access?

3) My security logs show that earlier this month
a 'package' was left which would notify the deliverer of
any changes to passwords and or user id's on my system.
Again, I am the only person who can physically access my
computer.

These issues, particularly item (3) are causing me no
small amount of alarm. I would appreciate any advice or
recommendations you may have.

Thanks for your time,

David
 
I'm not an MVP, but I can answer most of these.
1) Is it normal to read of 'failed security audits' due
to 'bad user/password' when I have successfully logged
on, and I am the only person able to (physically) access
my computer?
Click to expand...

If you use the "Welcome Screen" (the screen where you
click your username to log on), yes, this is normal if
the times on the failures match up with the times you
were at the welcome screen. There's a KB article
somewhere that talks about this.
2) Why does the security log keep recording instances
of 'anonymous log-on's on my system, from (3) locality ie
remote access?
Click to expand...

Anonymous logons are connections that do not provide
usernames or passwords. By default anonymous logons have
almost no rights at all, although in some cases they can
get a list of visible shares on the machine and a couple
things like that. If that worries you, search Google
for "RestrictAnonymous" and you'll get a ton of
information on this behavior and the way to set what you
want.

Note that if you are using a firewall on your Internet
connection that blocks incoming traffic, it becomes very
difficult for people to do things like this, or
otherwise 'hack' your machine.
3) My security logs show that earlier this month
a 'package' was left which would notify the deliverer of
any changes to passwords and or user id's on my system.
Again, I am the only person who can physically access my
computer.
Click to expand...

A lot of these particular events are benign, they are
system processes that handle remote access and security
functions - if they didn't load, your machine would be
having lots of trouble. Examples include LSASS, RasMan,
Winlogon, etc. What particular load is in the messages
you have?
 
-----Original Message-----
I'm not an MVP, but I can answer most of these.


If you use the "Welcome Screen" (the screen where you
click your username to log on), yes, this is normal if
the times on the failures match up with the times you
were at the welcome screen. There's a KB article
somewhere that talks about this.


Anonymous logons are connections that do not provide
usernames or passwords. By default anonymous logons have
almost no rights at all, although in some cases they can
get a list of visible shares on the machine and a couple
things like that. If that worries you, search Google
for "RestrictAnonymous" and you'll get a ton of
information on this behavior and the way to set what you
want.

Note that if you are using a firewall on your Internet
connection that blocks incoming traffic, it becomes very
difficult for people to do things like this, or
otherwise 'hack' your machine.


A lot of these particular events are benign, they are
system processes that handle remote access and security
functions - if they didn't load, your machine would be
having lots of trouble. Examples include LSASS, RasMan,
Winlogon, etc. What particular load is in the messages
you have?
.
Click to expand...

Thanks for your advice Dave; it has certainly helped me
out. I'll have to check back in the security logs to see
exactly what was loaded but I thought it odd that someone
else would be receiving notification of any changes in my
user ID's or passwords. Also, before this had happened,
there were a number of attempted logins using various
user ID's. Sorry I forgot to mention this before but I
was just desperate to get an answer on my
imediate 'problems'...........
 
Back
Top