How to correlate "caller Logon ID" to user?

  • Thread starter Thread starter jtpryan
  • Start date Start date
J

jtpryan

(e-mail address removed) Mar 31, 7:44 am show options

Newsgroups: microsoft.public.windows.server.networking
From: (e-mail address removed) - Find messages by this author
Date: 31 Mar 2005 07:44:21 -0800
Local: Thurs, Mar 31 2005 7:44 am
Subject: How do I find out who a "caller logon ID" belongs to?
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse

I have a process somewhere on the network that is changing the
administrator password. When it gets changed the following appears in
the security event log:


Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 3/31/2005
Time: 9:00:05 AM
User: NT AUTHORITY\SYSTEM
Computer: ESD-HOST2435
Description:
User Account password set:
Target Account Name: Administrator
Target Domain: ESD-HOST2435
Target Account ID: ESD-HOST2435\Administrator
Caller User Name: ESD-HOST2435$
Caller Domain: ESTORE
Caller Logon ID: (0x0,0x3E7)


Who is "0x3e7"? Or for that matter "NT AUTHORITY\SYSTEM"?


Thanks,
Jim
 
Back
Top