Solved

SO MANY success audit entries in the Event Viewer Security Log

Posted on 2004-08-11
3
1,397 Views
Last Modified: 2013-12-04
Hi.

WHile trying to see why/when a users sign on got locked out, i was looking thru the Event Viewer / Security log.

Seems there were a ton, I mean A TON of Success Audit from very late night from a multitude of pc's that i know users are not signing onto.  
 
Most entries are :
ID 540 - Successful Network Logon
ID 538 - User Logoff
ID 680 - Account used for logon by

Does anyone know why so many entries that shouldnt be?

thanks.

ST
0
Comment
Question by:ststst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:chuckatwork
ID: 11779683
Maybe try logon hour restrictions for the account in AD to troubleshoot. Just find the user in AD and there is an hour logon restriction tab. Could they be running scripts? Can you turn off a user's computer to see if it appears that night?
0
 
LVL 12

Accepted Solution

by:
alandc earned 100 total points
ID: 12227457
I would suggest that the computer is infected with some trojan, spyware, or virus that is attempting to replicate across the network. Does the user log off their comptuer in the evening when they leave? If the activity is legitimate it might be their desktop antivirus scanning network drives or some other such searching or indexing function. We always have users reboot or logoff their computer but not shut them down so we can administer updates during the late/early hours.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question