?
Solved

Windows Security Event Log shows many type 3 logon/logoff from domain users

Posted on 2011-02-17
4
Medium Priority
?
798 Views
Last Modified: 2012-05-11
Noticed on first a Windows 2003 Server in the security event log domain users in our large city domain has users logging on and off continuously.  Then I looked at my Windows XP PC event log and see the same.  Why is it that a PC or Server would have this activity happening on all of its nodes?  Is there something that should be addressed in the NT Domain configuration?  If I don't need this to occur on a server acting as an appliance, do I shutdown the Net Logon service and just use the SAM for authentication?
0
Comment
Question by:danfiggolf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 5

Expert Comment

by:Fridolin Mansmann
ID: 34920347
Error Events would be helpful, sometimes these kind of events are "normal" depending on the audit log level. Also provide some more information about OS, version etc.
0
 

Author Comment

by:danfiggolf
ID: 34920830
Event ID 538 and Event ID 540.  This is a Windows 2003 Domain.  The server is Windows 2003 and the clients are currently XP SP3.  If you look at the log at any PC or Server in the domain they have all the domain user accounts logging in and logging off.  Is this a browsing thing, where the users are not actually attempting to logon to the systems, but just a browsing functionality or incorrectly configured NT Domain?
0
 

Accepted Solution

by:
danfiggolf earned 0 total points
ID: 34965976
QAKBOT was the problem.
0
 

Author Closing Comment

by:danfiggolf
ID: 34995568
because I did not provide enough detail for the experts to understand the problem.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question