Solved

Windows Security Event Log shows many type 3 logon/logoff from domain users

Posted on 2011-02-17
4
796 Views
Last Modified: 2012-05-11
Noticed on first a Windows 2003 Server in the security event log domain users in our large city domain has users logging on and off continuously.  Then I looked at my Windows XP PC event log and see the same.  Why is it that a PC or Server would have this activity happening on all of its nodes?  Is there something that should be addressed in the NT Domain configuration?  If I don't need this to occur on a server acting as an appliance, do I shutdown the Net Logon service and just use the SAM for authentication?
0
Comment
Question by:danfiggolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 4

Expert Comment

by:mansmanf
ID: 34920347
Error Events would be helpful, sometimes these kind of events are "normal" depending on the audit log level. Also provide some more information about OS, version etc.
0
 

Author Comment

by:danfiggolf
ID: 34920830
Event ID 538 and Event ID 540.  This is a Windows 2003 Domain.  The server is Windows 2003 and the clients are currently XP SP3.  If you look at the log at any PC or Server in the domain they have all the domain user accounts logging in and logging off.  Is this a browsing thing, where the users are not actually attempting to logon to the systems, but just a browsing functionality or incorrectly configured NT Domain?
0
 

Accepted Solution

by:
danfiggolf earned 0 total points
ID: 34965976
QAKBOT was the problem.
0
 

Author Closing Comment

by:danfiggolf
ID: 34995568
because I did not provide enough detail for the experts to understand the problem.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question