[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

NtLmSsp and NTLM Security Problem on Windows 2003 Standard Edition

Posted on 2004-05-02
5
Medium Priority
?
3,094 Views
Last Modified: 2013-12-04
Hello
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            5/2/2004
Time:            9:56:27 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Successful Network Logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x1AE5F4)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SRV001
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      xxx.xxx.xxx.xxx
       Source Port:      0
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            5/2/2004
Time:            9:56:17 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
User Logoff:
       User Name:      ANONYMOUS LOGON
       Domain:            NT AUTHORITY
       Logon ID:            (0x0,0x234913)
       Logon Type:      3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      627
Date:            5/2/2004
Time:            10:12:40 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Change Password Attempt:
       Target Account Name:      Admin123
       Target Domain:      NS9
       Target Account ID:      NS9\Admin123
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      (0x0,0x3E6)
       Privileges:      -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


what is problem that Anonymous User can change Administrator password?!!!

- karaji
0
Comment
Question by:karaji
2 Comments
 
LVL 2

Expert Comment

by:VRAGHAVANS
ID: 10974615
Nothing to worry
Check this URL

http://is-it-true.org/nt/atips/atips155.shtml
Venkat
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10976711
Well - maybe there is something to worry about !

Are your friends computername NS9 ???

If not, then it could be an unknown user/computer that's doing a real logon
http://www.eventid.net/display.asp?eventid=540&eventno=9&source=Security&phase=1

If so, you should protect yourself from keyloggers ...

Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question