Solved

Event Log...Event ID 560

Posted on 2000-05-15
3
609 Views
Last Modified: 2013-12-28
Can anyone shed a little light on what this means?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            5/9/2000
Time:            11:20:12 AM
User:            COSMOS\smithd
Computer:      THOR
Description:
Object Open:
       Object Server:      Security Account Manager
       Object Type:      SAM_DOMAIN
       Object Name:      COSMOS
       New Handle ID:      -
       Operation ID:      {0,11019822}
       Process ID:      2162919808
       Primary User Name:      SYSTEM
       Primary Domain:      NT AUTHORITY
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      smithd
       Client Domain:      COSMOS
       Client Logon ID:      (0x0,0xA8260B)
       Accesses            ReadPasswordParameters
            WritePasswordParameters
            CreateLocalGroup
            GetLocalGroupMembership
            ListAccounts
            LookupIDs
            
       Privileges            -
 
0
Comment
Question by:devault
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 2811999
It sounds like someboby is trying to Access the SAM ( security database ) and read passwords and other info.
They might be gathering info to try and crack the Admin passwords, or it could be a back door Virus gathering info about your system.
in any case, I would take it seriously !!

0
 
LVL 86

Accepted Solution

by:
jkr earned 200 total points
ID: 2812075
From the actions mentioned in the record, it's most likely that 'smithd' tried to use the user manager without having the privileges to do so - see http://support.microsoft.com/support/kb/articles/Q174/0/74.ASP ("Security Event Descriptions")
0
 

Author Comment

by:devault
ID: 2812284
I didn't see anything real pertinent on Microsoft's page, but I did log in w/ an account that didn't have sufficient privileges and tried to use the User Manager to view the members of the Domain Admins group for the domain and got exactly the same results.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question