Event viewer showing continuous 538,540,576,680 events in security for one user on 2003 server

I have a 2003  server that shows "continuous" login/logout events for one user.  The user has a one mapped drive to this server and all is working fine.  However, the event viewer is filling up with these.

example:
538      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
540      DELLTS110\Jennifer      DELLTS110
576      DELLTS110\Jennifer      DELLTS110
680      DELLTS110\Jennifer      DELLTS110
540      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
538      DELLTS110\Jennifer      DELLTS110
540      DELLTS110\Jennifer      DELLTS110
576      DELLTS110\Jennifer      DELLTS110
680      DELLTS110\Jennifer      DELLTS110
538      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
540      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
538      DELLTS110\Jennifer      DELLTS110
538      DELLTS110\Jennifer      DELLTS110
540      DELLTS110\Jennifer      DELLTS110
576      DELLTS110\Jennifer      DELLTS110
680      DELLTS110\Jennifer      DELLTS110
538      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
540      NT AUTHORITY\ANONYMOUS LOGON      DELLTS110
538      DELLTS110\Jennifer      DELLTS110
540      DELLTS110\Jennifer      DELLTS110
576      DELLTS110\Jennifer      DELLTS110
680      DELLTS110\Jennifer      DELLTS110

This user has mapped drives to another server and it does not exhibit this behavior.
I saw another post that stated an HP driver could cause this.  There are no HP drivers on the PC.

PC is XP and the server is 2003 Enterprise.

Thanks.
HouseofFaraAsked:
Who is Participating?
 
HouseofFaraConnect With a Mentor Author Commented:
Found the issue.   A program for down loading images from a camera had an internal setting for the storage of photos which pointed to the mapped server drive.  This program was memory resident on startup.   For some reason, after the password change, this program was causing the issue.   Removed it and problem went away.
0
 
Davis McCarnOwnerCommented:
If you are running SQL, try changing the polling interval: http://msdn.microsoft.com/en-us/library/aa198198
0
 
HouseofFaraAuthor Commented:
Thank you for the reply, but no SQL.

We have about 20 PC's on the network, 10 of them mapping a drive letter to this server and share.   Only one PC is exhibiting the problem of the continous security log entries.

The share works and  I see no other isssues with either the PC or the server.  I have ran several malware checks and find nothing.

The only thing that has changed recently that I can think of is that we did a scheduled password change on all users.  However, the share is accessible on the suspect PC so the new password is registering properly.

Thanks.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
Davis McCarnOwnerCommented:
I would suggest trying a different user login on that PC and/or try logging in as Jennifer from a different PC to see if the issue is user specific or machine related.
If its machine related, I'd try the AVG Rescue CD which can detect things that are deeply hidden: http://www.avg.com/us-en/avg-rescue-cd
0
 
Davis McCarnOwnerCommented:
Well!  That'll certainly do it, huh?
0
 
HouseofFaraAuthor Commented:
Reason found
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.