?
Solved

NtLmSsp and NTLM Security Problem on Windows 2003 Standard Edition

Posted on 2004-05-02
5
Medium Priority
?
3,063 Views
Last Modified: 2013-12-04
Hello
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            5/2/2004
Time:            9:56:27 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Successful Network Logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x1AE5F4)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SRV001
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      xxx.xxx.xxx.xxx
       Source Port:      0
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            5/2/2004
Time:            9:56:17 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
User Logoff:
       User Name:      ANONYMOUS LOGON
       Domain:            NT AUTHORITY
       Logon ID:            (0x0,0x234913)
       Logon Type:      3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      627
Date:            5/2/2004
Time:            10:12:40 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Change Password Attempt:
       Target Account Name:      Admin123
       Target Domain:      NS9
       Target Account ID:      NS9\Admin123
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      (0x0,0x3E6)
       Privileges:      -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


what is problem that Anonymous User can change Administrator password?!!!

- karaji
0
Comment
Question by:karaji
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Expert Comment

by:VRAGHAVANS
ID: 10974615
Nothing to worry
Check this URL

http://is-it-true.org/nt/atips/atips155.shtml
Venkat
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10976711
Well - maybe there is something to worry about !

Are your friends computername NS9 ???

If not, then it could be an unknown user/computer that's doing a real logon
http://www.eventid.net/display.asp?eventid=540&eventno=9&source=Security&phase=1

If so, you should protect yourself from keyloggers ...

Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question