?
Solved

NtLmSsp and NTLM Security Problem on Windows 2003 Standard Edition

Posted on 2004-05-02
5
Medium Priority
?
3,104 Views
Last Modified: 2013-12-04
Hello
I Use Windows 2003 Standard Edition , today my friend Password in my system (we use one system) changed I find this audit in my system audit:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            5/2/2004
Time:            9:56:27 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Successful Network Logon:
       User Name:      
       Domain:            
       Logon ID:            (0x0,0x1AE5F4)
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SRV001
       Logon GUID:      -
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      xxx.xxx.xxx.xxx
       Source Port:      0
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            5/2/2004
Time:            9:56:17 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
User Logoff:
       User Name:      ANONYMOUS LOGON
       Domain:            NT AUTHORITY
       Logon ID:            (0x0,0x234913)
       Logon Type:      3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------
Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      627
Date:            5/2/2004
Time:            10:12:40 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      NS9
Description:
Change Password Attempt:
       Target Account Name:      Admin123
       Target Domain:      NS9
       Target Account ID:      NS9\Admin123
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      (0x0,0x3E6)
       Privileges:      -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


what is problem that Anonymous User can change Administrator password?!!!

- karaji
0
Comment
Question by:karaji
2 Comments
 
LVL 2

Expert Comment

by:VRAGHAVANS
ID: 10974615
Nothing to worry
Check this URL

http://is-it-true.org/nt/atips/atips155.shtml
Venkat
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10976711
Well - maybe there is something to worry about !

Are your friends computername NS9 ???

If not, then it could be an unknown user/computer that's doing a real logon
http://www.eventid.net/display.asp?eventid=540&eventno=9&source=Security&phase=1

If so, you should protect yourself from keyloggers ...

Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question