Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SO MANY success audit entries in the Event Viewer Security Log

Posted on 2004-08-11
3
Medium Priority
?
1,424 Views
Last Modified: 2013-12-04
Hi.

WHile trying to see why/when a users sign on got locked out, i was looking thru the Event Viewer / Security log.

Seems there were a ton, I mean A TON of Success Audit from very late night from a multitude of pc's that i know users are not signing onto.  
 
Most entries are :
ID 540 - Successful Network Logon
ID 538 - User Logoff
ID 680 - Account used for logon by

Does anyone know why so many entries that shouldnt be?

thanks.

ST
0
Comment
Question by:ststst
3 Comments
 
LVL 2

Expert Comment

by:chuckatwork
ID: 11779683
Maybe try logon hour restrictions for the account in AD to troubleshoot. Just find the user in AD and there is an hour logon restriction tab. Could they be running scripts? Can you turn off a user's computer to see if it appears that night?
0
 
LVL 12

Accepted Solution

by:
Aland Coons earned 300 total points
ID: 12227457
I would suggest that the computer is infected with some trojan, spyware, or virus that is attempting to replicate across the network. Does the user log off their comptuer in the evening when they leave? If the activity is legitimate it might be their desktop antivirus scanning network drives or some other such searching or indexing function. We always have users reboot or logoff their computer but not shut them down so we can administer updates during the late/early hours.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question