B
Boris Skoblo
Hi All,
What 3 sequential events in security log Win 2000 server can mean?
------
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_SERVER
Object Name: SAM
New Handle ID: 803104
Operation ID: {0,84797490}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ConnectToServer
ShutdownServer
InitializeServer
CreateDomain
EnumerateDomains
LookupDomain
Privileges -
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_DOMAIN
Object Name: SERVER
New Handle ID: 896528
Operation ID: {0,84797491}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses ReadPasswordParameters
Privileges -
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: DOMAINS\Account\Users\000003E8
New Handle ID: 1233120
Operation ID: {0,84797496}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses ChangePassword (with knowledge of old password)
Privileges -
What 3 sequential events in security log Win 2000 server can mean?
------
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_SERVER
Object Name: SAM
New Handle ID: 803104
Operation ID: {0,84797490}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ConnectToServer
ShutdownServer
InitializeServer
CreateDomain
EnumerateDomains
LookupDomain
Privileges -
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_DOMAIN
Object Name: SERVER
New Handle ID: 896528
Operation ID: {0,84797491}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses ReadPasswordParameters
Privileges -
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 11/6/2003
Time: 4:48:28 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_USER
Object Name: DOMAINS\Account\Users\000003E8
New Handle ID: 1233120
Operation ID: {0,84797496}
Process ID: 384
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: SERVER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0x3E7)
Accesses ChangePassword (with knowledge of old password)
Privileges -