[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
8.0

What determines User definiton in NT Event ID 540

Asked by Charlie_Melega in Windows Network Security, Windows 2000 Operating System, Operating Systems Network Security


Hello,

I am trying to understand and define what determines the User definition in the following NT Event ID:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            11/5/2003
Time:            5:03:00 PM
User:            NT AUTHORITY\SYSTEM
Computer:      MAILCR
Description:
Successful Network Logon:
       User Name:      MAILCR$
       Domain:            NDS_NET
       Logon ID:            (0x0,0x4CBC65)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      




Note that     "User: NT AUTHORITY\SYSTEM"     I have an isolated cases where the user: is defined as Domain\Username.  
I believe these events are being generated when a particular Service Stops\Starts (there are also associated NT Event ID 538 with these 540's as well) and I have already checked the Service to verify it is running under the SYSTEM account.


Thanks,

500 pts due to urgency.
[+][-]05/19/09 05:27 AM, ID: 24421116Accepted Solution

Your question has an Asker Certified™ answer! Charlie_Melega verified that this solution worked for them--which means it will likely work for you, too. Click to view the solution free for 30-days now.

About this solution

Zones: Windows Network Security, Windows 2000 Operating System, Operating Systems Network Security
Sign Up Now!
Solution Provided By: Pber
Participating Experts: 1
Solution Grade: A
 
[+][-]05/12/09 11:12 AM, ID: 24367471Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05/18/09 07:28 AM, ID: 24412398Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05/18/09 07:30 AM, ID: 24412422Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]08/27/09 02:59 PM, ID: 25203119Administrative Comment

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 30-day free trial to view this Administrative Comment or ask the Experts your question.

 
 
Loading Advertisement...
20100308-EE-VQP-138 - Hierarchy / EE_QW_3_20080625
Your technology problems solved.
Close See Plans and Pricing. Try it FREE for 30 days.