Event Log...Event ID 560

Can anyone shed a little light on what this means?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            5/9/2000
Time:            11:20:12 AM
User:            COSMOS\smithd
Computer:      THOR
Description:
Object Open:
       Object Server:      Security Account Manager
       Object Type:      SAM_DOMAIN
       Object Name:      COSMOS
       New Handle ID:      -
       Operation ID:      {0,11019822}
       Process ID:      2162919808
       Primary User Name:      SYSTEM
       Primary Domain:      NT AUTHORITY
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      smithd
       Client Domain:      COSMOS
       Client Logon ID:      (0x0,0xA8260B)
       Accesses            ReadPasswordParameters
            WritePasswordParameters
            CreateLocalGroup
            GetLocalGroupMembership
            ListAccounts
            LookupIDs
            
       Privileges            -
 
devaultAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
jkrConnect With a Mentor Commented:
From the actions mentioned in the record, it's most likely that 'smithd' tried to use the user manager without having the privileges to do so - see http://support.microsoft.com/support/kb/articles/Q174/0/74.ASP ("Security Event Descriptions")
0
 
SysExpertCommented:
It sounds like someboby is trying to Access the SAM ( security database ) and read passwords and other info.
They might be gathering info to try and crack the Admin passwords, or it could be a back door Virus gathering info about your system.
in any case, I would take it seriously !!

0
 
devaultAuthor Commented:
I didn't see anything real pertinent on Microsoft's page, but I did log in w/ an account that didn't have sufficient privileges and tried to use the User Manager to view the members of the Domain Admins group for the domain and got exactly the same results.
0
All Courses

From novice to tech pro — start learning today.