<div>
Whatever it is, it got far enough into your network to try to login to the domain... You might need to do a system wide network audit to make sure someone didn't plug something into an open port OR has a virtual machine going... <br />
Turning netlogin debugging on should capture IP addresses and maybe help you track down what is happening...<br />
<br />
<a href="https://support.microsoft.com/en-us/help/109626/enabling-debug-logging-for-the-netlogon-service" rel="ugc">https://support.microsoft.com/en-us/help/109626/enabling-debug-logging-for-the-netlogon-service</a>
</div>


wcgplc

<div>
<div class="content wysiwyg-content">
Evening experts,<br />
<br />
We have a number of instances of Event ID 5723 Source: NETLOGON on one of our DC's with Win Svr 2008 installed (see below). Although the pc in the event does not belong to our network and never did. I work for a financial organisation and security is as tight as it can be regarding physical access to our main office so I'm assuming this access attempt was made remotely. Please, can you help me out here on how this could have happened? We don't have wifi on our network so I'm a little baffled here. Please advise. &nbsp;<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2018/10_w42/1394796/eventID5723.jpg" target="_blank" title="event id (167 KB)"><img alt="event id" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2018/10_w42/800_1394796/eventID5723.jpg" /></a>
</div>
</div>


eventID5723.jpg

Evening experts,

We have a number of instances of Event ID 5723 Source: NETLOGON on one of our DC's with Win Svr 2008 installed (see below). Although the pc in the event does not belong to our network and never did. I work for a financial organisation and security is as tight as it can be regarding physical access to our main office so I'm assuming this access attempt was made remotely. Please, can you help me out here on how this could have happened? We don't have wifi on our network so I'm a little baffled here. Please advise.  



Event ID 5723 Source: NETLOGON

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

A personal computer is a general-purpose computer whose size, capabilities and price make it useful for individuals, and is intended to be operated directly by an end-user with no intervening computer time-sharing models that allowed systems to be used by many people, usually at the same time. Personal computers may be connected to a local area network (LAN), either by a cable or a wireless connection, and through that to the Internet. A personal computer may be a laptop computer or a desktop computer running an operating system such as Windows, Linux or Macintosh OS.

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.