  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 615

Event Log...Event ID 560

Can anyone shed a little light on what this means?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Object Access
Event ID:      560
Date:            5/9/2000
Time:            11:20:12 AM
User:            COSMOS\smithd
Computer:      THOR
Description:
Object Open:
       Object Server:      Security Account Manager
       Object Type:      SAM_DOMAIN
       Object Name:      COSMOS
       New Handle ID:      -
       Operation ID:      {0,11019822}
       Process ID:      2162919808
       Primary User Name:      SYSTEM
       Primary Domain:      NT AUTHORITY
       Primary Logon ID:      (0x0,0x3E7)
       Client User Name:      smithd
       Client Domain:      COSMOS
       Client Logon ID:      (0x0,0xA8260B)
       Accesses            ReadPasswordParameters
            WritePasswordParameters
            CreateLocalGroup
            GetLocalGroupMembership
            ListAccounts
            LookupIDs
            
       Privileges            -
 
Asked by: devault

SysExpert Commented:
It sounds like somebody is trying to access the SAM (security database) and read passwords and other info.
They might be gathering info to try and crack the Admin passwords, or it could be a back door virus gathering info about your system.
In any case, I would take it seriously!!

0
 
jkr Commented:
From the actions mentioned in the record, it's most likely that 'smithd' tried to use the user manager without having the privileges to do so - see http://support.microsoft.com/support/kb/articles/Q174/0/74.ASP ("Security Event Descriptions")
0
 
devault (Author) Commented:
I didn't see anything real pertinent on Microsoft's page, but I did log in w/ an account that didn't have sufficient privileges and tried to use the User Manager to view the members of the Domain Admins group for the domain and got exactly the same results.
0
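
As an added example (not code from this thread), here is a small Python parser for the text form of a 560 record like the one in the question. It tallies failed SAM opens per client account, so a single attempt like the User Manager one described above stands apart from repeated failures. The function names, the trimmed sample and the choice of which accesses count as write requests are assumptions of this example.

```python
import re

# Constructed sample: the record from the question, trimmed to the fields used below.
SAMPLE = """\
Event Type:      Failure Audit
Event ID:      560
Computer:      THOR
       Object Server:      Security Account Manager
       Client User Name:      smithd
       Client Domain:      COSMOS
       Accesses            ReadPasswordParameters
            WritePasswordParameters
            CreateLocalGroup
            GetLocalGroupMembership
            ListAccounts
            LookupIDs
       Privileges            -
"""
WRITE_ACCESSES = {"WritePasswordParameters", "CreateLocalGroup"}  # assumption: this example's choice

def parse_560(text):
    """Parse one text-exported record into a dict; 'Accesses' becomes a list."""
    rec, in_accesses = {"Accesses": []}, False
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"([A-Za-z ]+?):\s+(\S.*)$", s)
        if m:  # ordinary "Key:   value" line
            rec[m.group(1)], in_accesses = m.group(2), False
        elif s.startswith("Accesses"):  # first access shares the header line
            rec["Accesses"], in_accesses = s.split()[1:], True
        elif in_accesses and len(s.split()) == 1:  # continuation: one access per line
            rec["Accesses"].append(s)
        elif s:  # e.g. "Privileges   -" ends the access list
            in_accesses = False
    return rec

def summarize(records):
    """Per client account: failed SAM opens, hosts seen, and whether write access was requested."""
    out = {}
    for r in records:
        key = (r.get("Event ID"), r.get("Event Type"), r.get("Object Server"))
        if key != ("560", "Failure Audit", "Security Account Manager"):
            continue
        who = r.get("Client Domain", "?") + "\\" + r.get("Client User Name", "?")
        e = out.setdefault(who, {"failures": 0, "hosts": set(), "write_requested": False})
        e["failures"] += 1
        e["hosts"].add(r.get("Computer"))
        e["write_requested"] |= bool(WRITE_ACCESSES & set(r["Accesses"]))
    return out
```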
