I am seeing the following (santized) message;
10/4/07 11:11:58 AM,Security,Failure Audit,Logon/Logoff ,539,NT AUTHORITY\SYSTEM,NTDOMAIN,Logon Failure: Reason: Account locked out User Name: SomeUserName Domain: SomeMachineName Logon Type: 3 Logon Process: KSecDD Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: \\SomeMachineName
The log comes from an NT environment. The SomeMachineName is on a 2003 domain and not on the old NT domain, yet I am seeing logs. How is this possible? There exists a trust between the NT and 2003 domains. I don't see any other failed logons from other accounts.