S
scott
I have a Windows XP Pro system with Service Pack 2, connected to a
Samba server (if that makes any difference). Auditing on the Windows
machine is turned on, and the security logs show two accounts with
logoff times long after their login times. This machine is in an
isolated network.
I am the only person with admin rights.
What might cause Windows XP w/SP2 to record a delayed logoff? I
searched for any file creation/modification dates for the date/time of
the logoff entry, but there was no hit.
The first Event ID is 551, followed by 538.
I have reviewed all the audit logs I could find, but on the Windows
system and the samba server, but no correlations anywhere.
Insights are welcome. I don't believe the system was hacked - I
just need to find out why/how Windows reported logoffs long after the
user logged in (one person's entry was about 12 hours after the fact,
and another person's entry, on the same computer, was a few days
later).
Neither person said they had any jobs running, but maybe Windows did
behind the scenes...???
Thanks.
Scott
Samba server (if that makes any difference). Auditing on the Windows
machine is turned on, and the security logs show two accounts with
logoff times long after their login times. This machine is in an
isolated network.
I am the only person with admin rights.
What might cause Windows XP w/SP2 to record a delayed logoff? I
searched for any file creation/modification dates for the date/time of
the logoff entry, but there was no hit.
The first Event ID is 551, followed by 538.
I have reviewed all the audit logs I could find, but on the Windows
system and the samba server, but no correlations anywhere.
Insights are welcome. I don't believe the system was hacked - I
just need to find out why/how Windows reported logoffs long after the
user logged in (one person's entry was about 12 hours after the fact,
and another person's entry, on the same computer, was a few days
later).
Neither person said they had any jobs running, but maybe Windows did
behind the scenes...???
Thanks.
Scott