Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows Security Event Log shows many type 3 logon/logoff from domain users

Posted on 2011-02-17
4
Medium Priority
?
801 Views
Last Modified: 2012-05-11
Noticed on first a Windows 2003 Server in the security event log domain users in our large city domain has users logging on and off continuously.  Then I looked at my Windows XP PC event log and see the same.  Why is it that a PC or Server would have this activity happening on all of its nodes?  Is there something that should be addressed in the NT Domain configuration?  If I don't need this to occur on a server acting as an appliance, do I shutdown the Net Logon service and just use the SAM for authentication?
0
Comment
Question by:danfiggolf
  • 3
4 Comments
 
LVL 5

Expert Comment

by:Fridolin Mansmann
ID: 34920347
Error Events would be helpful, sometimes these kind of events are "normal" depending on the audit log level. Also provide some more information about OS, version etc.
0
 

Author Comment

by:danfiggolf
ID: 34920830
Event ID 538 and Event ID 540.  This is a Windows 2003 Domain.  The server is Windows 2003 and the clients are currently XP SP3.  If you look at the log at any PC or Server in the domain they have all the domain user accounts logging in and logging off.  Is this a browsing thing, where the users are not actually attempting to logon to the systems, but just a browsing functionality or incorrectly configured NT Domain?
0
 

Accepted Solution

by:
danfiggolf earned 0 total points
ID: 34965976
QAKBOT was the problem.
0
 

Author Closing Comment

by:danfiggolf
ID: 34995568
because I did not provide enough detail for the experts to understand the problem.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question