dwpauleagle
asked on
Windows XP Mass login attempts
We have several Windows XP laptops on the network that are not part of the domain. Windows XP seems to automatically attempt to login to ALL other machines on the network. What can be done to prevent windows XP from Broadcasting this mass login attempt when it boots up ?
mikeleebrla
can you elaberate on what makes you think it's "automatically attempt to login to ALL other machines on the network" If the computer isn't in the domain it should just be logging in with a local account IE no network login at all.
Also you may need to scan for viri on this PC as there have been some recent viri that attempt to make login's to peoples PC's...
-rich
-rich
ASKER
Any XP machine fresh install will attempt to login to all shared PC on the network and register a failed login attempt in the Event log.
Doesn't mean a virus isn't getting on them immediatly- What you can do is install ZoneAlarm on a new machine, before joining it to the network- and before joining it to a domain. Install XP, do not connect it to the network period. Burn a CD with zonealarm on it, and install ZA. place the network cable in the pc, join it to the network etc... ZA will prompt you when any attempt to access the machine is made, and it will also alert you if a program that is not approved is trying to access the NIC or act as a server. You can use ZA to find out what is causing this on your current machines, and you can use it to protect future machines or brand new machines from infections.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp The free version does this process locking/blocking also.
-rich
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp The free version does this process locking/blocking also.
-rich
ASKER
Not a virus a Machichine that is fully installed and virus protected do this as well .. i have delt with this issues on many many networks and have never found a way to shut up the XP machines doing this on login. thy just do it one with their own login . so it is not a brute force attack or randon name or admin attempts just attempts to loginto all shares with their own credintials.
this come from all XP machines
=====
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 3/21/2005
Time: 11:06:42 AM
User: NT AUTHORITY\SYSTEM
Computer: EAGLE1
Description:
The logon to account: Eric
by: MICROSOFT_AUTHENTICATION_P
from workstation: EBLACHNO
failed. The error code was: 3221225572
======
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 3/21/2005
Time: 11:06:42 AM
User: NT AUTHORITY\SYSTEM
Computer: EAGLE1
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Eric
Domain: EBLACHNO
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EBLACHNO
=======
this come from all XP machines
=====
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 3/21/2005
Time: 11:06:42 AM
User: NT AUTHORITY\SYSTEM
Computer: EAGLE1
Description:
The logon to account: Eric
by: MICROSOFT_AUTHENTICATION_P
from workstation: EBLACHNO
failed. The error code was: 3221225572
======
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 3/21/2005
Time: 11:06:42 AM
User: NT AUTHORITY\SYSTEM
Computer: EAGLE1
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Eric
Domain: EBLACHNO
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: EBLACHNO
=======
is the logon attempts all coming from the same machine and does it always try to use the account eric?
If so, can you tell us more about the source machine, what it is and what its running?
If so, can you tell us more about the source machine, what it is and what its running?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That did the trick Thank you.