karaji
asked on
NtLmSsp and NTLM Security Problem on Windows 2003 Standard Edition
Hello
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 5/2/2004
Time: 9:56:27 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1AE5F4)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SRV001
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xxx.xxx.xxx.xxx
Source Port: 0
--------------------
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 5/2/2004
Time: 9:56:17 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x234913)
Logon Type: 3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 5/2/2004
Time: 10:12:40 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
Change Password Attempt:
Target Account Name: Admin123
Target Domain: NS9
Target Account ID: NS9\Admin123
Caller User Name: -
Caller Domain: -
Caller Logon ID: (0x0,0x3E6)
Privileges: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
what is problem that Anonymous User can change Administrator password?!!!
- karaji
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 5/2/2004
Time: 9:56:27 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1AE5F4)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SRV001
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xxx.xxx.xxx.xxx
Source Port: 0
--------------------
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 5/2/2004
Time: 9:56:17 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x234913)
Logon Type: 3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 5/2/2004
Time: 10:12:40 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NS9
Description:
Change Password Attempt:
Target Account Name: Admin123
Target Domain: NS9
Target Account ID: NS9\Admin123
Caller User Name: -
Caller Domain: -
Caller Logon ID: (0x0,0x3E6)
Privileges: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
what is problem that Anonymous User can change Administrator password?!!!
- karaji
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check this URL
http://is-it-true.org/nt/atips/atips155.shtml
Venkat