Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Event Log...Event ID 560

Posted on 2000-05-15
3
Medium Priority
?
613 Views
Last Modified: 2013-12-28
Can anyone shed a little light on what this means?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            5/9/2000
Time:            11:20:12 AM
User:            COSMOS\smithd
Computer:      THOR
Description:
Object Open:
       Object Server:      Security Account Manager
       Object Type:      SAM_DOMAIN
       Object Name:      COSMOS
       New Handle ID:      -
       Operation ID:      {0,11019822}
       Process ID:      2162919808
       Primary User Name:      SYSTEM
       Primary Domain:      NT AUTHORITY
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      smithd
       Client Domain:      COSMOS
       Client Logon ID:      (0x0,0xA8260B)
       Accesses            ReadPasswordParameters
            WritePasswordParameters
            CreateLocalGroup
            GetLocalGroupMembership
            ListAccounts
            LookupIDs
            
       Privileges            -
 
0
Comment
Question by:devault
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 2811999
It sounds like someboby is trying to Access the SAM ( security database ) and read passwords and other info.
They might be gathering info to try and crack the Admin passwords, or it could be a back door Virus gathering info about your system.
in any case, I would take it seriously !!

0
 
LVL 86

Accepted Solution

by:
jkr earned 600 total points
ID: 2812075
From the actions mentioned in the record, it's most likely that 'smithd' tried to use the user manager without having the privileges to do so - see http://support.microsoft.com/support/kb/articles/Q174/0/74.ASP ("Security Event Descriptions")
0
 

Author Comment

by:devault
ID: 2812284
I didn't see anything real pertinent on Microsoft's page, but I did log in w/ an account that didn't have sufficient privileges and tried to use the User Manager to view the members of the Domain Admins group for the domain and got exactly the same results.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question