Sam Jones
I have a user who it seems is logging onto my Win 2K
workstation, even though they have no access. They do not
have a local account and are not a Domain Admin. They are
just a user. The user says that they are not connecting to
my PC.
Could this be a virus on their PC and it is then hacking
other systems without their knowledge? Or are they not
being truthful and are hacking my PC somehow?
See Event log entries below. Names altered for security
reasons.
I would appreciate some help on this. I want to be sure
before reporting the problem as a security breach.
Below are the events:
Event 1: connection established to my pc
Success Audit Security Privilege Use 576
JOE USER COMPUTERNAME
Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x114022)
Assigned: SeChangeNotifyPrivilege
Event 2: Successful Logon
Success Audit Security Logon/Logoff 540
JOE USER COMPUTERNAME
Successful Network Logon:
User Name: JOEUSER
Domain: ACME
Logon ID: (0x0,0x114022)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\COMPUTERNAME
Event 3: Logoff
Success Audit Security Logon/Logoff 538
JOE USER COMPUTERNAME
User Logoff:
User Name: JOEUSER
Domain: ACME
Logon ID: (0x0,0x114022)
Logon Type: 3