[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 568
  • Last Modified:

Strange behaviour with use right SeMachineAccountPrivilege

I am monitoring the event logs on computer A that has supposely is locked down which is only accessible by user A. In the event log I noticed
eventid: 608 Type:Success A User: NT AUTHORITY\SYSTEM Computer A
Description: User right Assigned:
User Right: SeMachineAccountPrivilege
Assigned To: xxx\USER B
Username: COMPUTER_A$
DOMAIN: xxx
Logon ID: (#x#, #x#A#)

Would this indicate that USER B is trying to access computer_A or is USER B creating a machine and assigning same computer name to see if user b can gain access. So esstenially what I'm asking is USER B actually breaking into computer_A.

Thanks,
0
xeyeclan
Asked:
xeyeclan
  • 2
1 Solution
 
Ancient_OrangeCommented:
Hi.

If a user gets granted the SeMachineAccountPrivileg he has got the ability to add a new Computer to the Domain,
Meening he can hook every pc he wants into the Domain

The eventlog only says that USer B got that right not that he has tried to acess something or so.

but i guess if you can't remember granting this privileg you should checl whats going on there ?

are you the only admin on that maschine or do more users have acess to userA ?

best regards AO
0
 
Ancient_OrangeCommented:
Short notice:

I'm going to bed now (i'ts about 11p.m here in austria)

possibly someone else will be able to help you in the mean time.
if not i'l be @ your service in about 12 hours again.

with best regards AO
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now