xeyeclan
asked on
Strange behaviour with use right SeMachineAccountPrivilege
I am monitoring the event logs on computer A that has supposely is locked down which is only accessible by user A. In the event log I noticed
eventid: 608 Type:Success A User: NT AUTHORITY\SYSTEM Computer A
Description: User right Assigned:
User Right: SeMachineAccountPrivilege
Assigned To: xxx\USER B
Username: COMPUTER_A$
DOMAIN: xxx
Logon ID: (#x#, #x#A#)
Would this indicate that USER B is trying to access computer_A or is USER B creating a machine and assigning same computer name to see if user b can gain access. So esstenially what I'm asking is USER B actually breaking into computer_A.
Thanks,
eventid: 608 Type:Success A User: NT AUTHORITY\SYSTEM Computer A
Description: User right Assigned:
User Right: SeMachineAccountPrivilege
Assigned To: xxx\USER B
Username: COMPUTER_A$
DOMAIN: xxx
Logon ID: (#x#, #x#A#)
Would this indicate that USER B is trying to access computer_A or is USER B creating a machine and assigning same computer name to see if user b can gain access. So esstenially what I'm asking is USER B actually breaking into computer_A.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm going to bed now (i'ts about 11p.m here in austria)
possibly someone else will be able to help you in the mean time.
if not i'l be @ your service in about 12 hours again.
with best regards AO