Strange behaviour with user right SeMachineAccountPrivilege

Posted on 2004-11-19
Last Modified: 2008-01-09
I am monitoring the event logs on computer A, which is supposedly locked down and is only accessible by user A. In the event log I noticed:
eventid: 608 Type:Success A User: NT AUTHORITY\SYSTEM Computer A
Description: User right Assigned:
User Right: SeMachineAccountPrivilege
Assigned To: xxx\USER B
Username: COMPUTER_A$
Logon ID: (#x#, #x#A#)

Would this indicate that USER B is trying to access computer_A, or is USER B creating a machine and assigning the same computer name to see if USER B can gain access? So essentially what I'm asking is: is USER B actually breaking into computer_A?

Question by:xeyeclan
    LVL 1

    Accepted Solution


    If a user is granted the SeMachineAccountPrivilege, he has the ability to add a new computer to the domain,
    meaning he can hook every PC he wants into the domain.

    The event log only says that User B got that right, not that he has tried to access something.

    But I guess if you can't remember granting this privilege, you should check what's going on there.

    Are you the only admin on that machine, or do more users have access to userA?

    best regards AO
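
One way to act on the accepted answer's advice to check who was granted the right, added here as an example and not part of the original thread: it parses event 608 records in the text layout quoted in the question and lists grants of SeMachineAccountPrivilege to accounts outside an allowlist. The EXAMPLE domain, the allowlist, the logon ID and the sample records are constructed assumptions.

```python
import re

# Constructed sample records in the layout quoted in the question (placeholder names).
RECORD = """eventid: {id} Type:Success A User: NT AUTHORITY\\SYSTEM Computer A
Description: User right Assigned:
User Right: {right}
Assigned To: {to}
Username: COMPUTER_A$
Logon ID: (0x0, 0x3E7)
"""
SAMPLE_LOG = "\n".join(RECORD.format(id=i, right=r, to=t) for i, r, t in [
    (608, "SeMachineAccountPrivilege", "EXAMPLE\\USER_B"),
    (608, "SeMachineAccountPrivilege", "EXAMPLE\\Domain Admins"),
    (608, "SeChangeNotifyPrivilege", "EXAMPLE\\USER_B"),
])

WATCHED_RIGHTS = {"SeMachineAccountPrivilege"}  # rights to review when granted
EXPECTED_HOLDERS = {"example\\domain admins"}   # assumption: site-specific allowlist
FIELD = re.compile(r"^\s*(User Right|Assigned To|Username|Logon ID):\s*(.*?)\s*$")

def parse_events(text):
    """Split the export on 'eventid:' header lines; return one dict per event 608."""
    events, cur = [], None
    for line in text.splitlines():
        head = re.match(r"^\s*eventid:\s*(\d+)", line, re.I)
        if head:
            cur = {"id": int(head.group(1))}
            events.append(cur)
            continue
        m = FIELD.match(line)
        if m and cur is not None:
            cur[m.group(1)] = m.group(2)
    return [e for e in events if e["id"] == 608]

def unexpected_grants(text):
    """Return (right, grantee, username) for watched rights given to unlisted accounts."""
    hits = []
    for e in parse_events(text):
        right, grantee = e.get("User Right"), e.get("Assigned To")
        if right in WATCHED_RIGHTS and grantee and grantee.lower() not in EXPECTED_HOLDERS:
            hits.append((right, grantee, e.get("Username")))
    return hits

if __name__ == "__main__":
    for hit in unexpected_grants(SAMPLE_LOG):
        print("review:", *hit)
```

On Windows Vista/Server 2008 and later, the same audit record is logged as event ID 4704 rather than 608.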
    LVL 1

    Expert Comment

    Short notice:

    I'm going to bed now (it's about 11 p.m. here in Austria).

    Possibly someone else will be able to help you in the meantime.
    If not, I'll be at your service in about 12 hours again.

    with best regards AO
