devault
Event Log...Event ID 560
Can anyone shed a little light on what this means?
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 5/9/2000
Time: 11:20:12 AM
User: COSMOS\smithd
Computer: THOR
Description:
Object Open:
Object Server: Security Account Manager
Object Type: SAM_DOMAIN
Object Name: COSMOS
New Handle ID: -
Operation ID: {0,11019822}
Process ID: 2162919808
Primary User Name: SYSTEM
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E7)
Client User Name: smithd
Client Domain: COSMOS
Client Logon ID: (0x0,0xA8260B)
Accesses ReadPasswordParameters
WritePasswordParameters
CreateLocalGroup
GetLocalGroupMembership
ListAccounts
LookupIDs
Privileges -
ASKER
I didn't see anything real pertinent on Microsoft's page, but I did log in w/ an account that didn't have sufficient privileges and tried to use the User Manager to view the members of the Domain Admins group for the domain and got exactly the same results.
They might be gathering info to try and crack the Admin passwords, or it could be a backdoor virus gathering info about your system.
In any case, I would take it seriously!!
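For triage of events like the one in the question, this added example (not part of the original thread) parses the exported description, collecting the continuation lines under Accesses into one list, and reports which account was refused which rights on which object. The function names are hypothetical, and treating access names that begin with Write or Create as modification requests is an assumption.

```python
import re

# Event text copied from the question above, with some header fields trimmed.
SAMPLE = """\
Event Type: Failure Audit
Event ID: 560
Object Type: SAM_DOMAIN
Object Name: COSMOS
Client User Name: smithd
Client Domain: COSMOS
Accesses ReadPasswordParameters
WritePasswordParameters
CreateLocalGroup
GetLocalGroupMembership
ListAccounts
LookupIDs
Privileges -
"""

def parse_560(text):
    """Parse an exported Event 560 description into fields plus an access list."""
    fields, accesses, in_accesses = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Accesses"):  # first right shares the label's line
            in_accesses = True
            first = line[len("Accesses"):].strip()
            accesses += [first] if first else []
        elif line.startswith("Privileges"):  # this label ends the access list
            in_accesses = False
            fields["Privileges"] = line[len("Privileges"):].strip()
        elif in_accesses and line:  # bare continuation line: one right per line
            accesses.append(line)
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    fields["Accesses"] = accesses
    return fields

def triage(ev):
    """Summarise who was refused which rights on which object."""
    # Assumption: names starting with Write/Create request modification.
    modifying = [a for a in ev["Accesses"] if re.match(r"Write|Create", a)]
    return {
        "denied": ev.get("Event Type") == "Failure Audit",
        "client": "{}\\{}".format(ev.get("Client Domain"), ev.get("Client User Name")),
        "object": "{}:{}".format(ev.get("Object Type"), ev.get("Object Name")),
        "modifying": modifying,
    }
```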