Success Audit Question???????

[Mike_BEE]

I received this Success Audit in the Security section of
the Event Viewer on my Windows 2000 Server

Indirect access to an object has been obtained:
Object Type: Port
Object Name: \RPC Control\ntsvcs
Process ID: 300
Primary User Name: PRIMARY-SERVER$
Primary Domain: PROUDDESIGNS
Primary Logon ID: (0x0,0x3E7)
Client User Name: PRIMARY-SERVER$
Client Domain: PROUDDESIGNS
Client Logon ID: (0x0,0x3E7)
Accesses: Communicate using port


What does it mean and how can I check how it was accessed.

 

[Steven L Umbach]

Hard to say exactly what is going on, but it looks like the server named
PRIMARY-SERVER is using RPC to access a port. That would not be so unusual on a
network. If you need more information I would run TCPView on that computer to see
what ports and processes the computer is using to see that the processes are
legitimate. If you need more explicit info on a process that you see use Process
Explorer. Both are free from SysInternals. --- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml