Solved

SO MANY success audit entries in the Event Viewer Security Log

Posted on 2004-08-11
3
1,385 Views
Last Modified: 2013-12-04
Hi.

WHile trying to see why/when a users sign on got locked out, i was looking thru the Event Viewer / Security log.

Seems there were a ton, I mean A TON of Success Audit from very late night from a multitude of pc's that i know users are not signing onto.  
 
Most entries are :
ID 540 - Successful Network Logon
ID 538 - User Logoff
ID 680 - Account used for logon by

Does anyone know why so many entries that shouldnt be?

thanks.

ST
0
Comment
Question by:ststst
3 Comments
 
LVL 2

Expert Comment

by:chuckatwork
ID: 11779683
Maybe try logon hour restrictions for the account in AD to troubleshoot. Just find the user in AD and there is an hour logon restriction tab. Could they be running scripts? Can you turn off a user's computer to see if it appears that night?
0
 
LVL 12

Accepted Solution

by:
alandc earned 100 total points
ID: 12227457
I would suggest that the computer is infected with some trojan, spyware, or virus that is attempting to replicate across the network. Does the user log off their comptuer in the evening when they leave? If the activity is legitimate it might be their desktop antivirus scanning network drives or some other such searching or indexing function. We always have users reboot or logoff their computer but not shut them down so we can administer updates during the late/early hours.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now