J
jtpryan
(e-mail address removed) Mar 31, 7:44 am show options
Newsgroups: microsoft.public.windows.server.networking
From: (e-mail address removed) - Find messages by this author
Date: 31 Mar 2005 07:44:21 -0800
Local: Thurs, Mar 31 2005 7:44 am
Subject: How do I find out who a "caller logon ID" belongs to?
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse
I have a process somewhere on the network that is changing the
administrator password. When it gets changed the following appears in
the security event log:
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 3/31/2005
Time: 9:00:05 AM
User: NT AUTHORITY\SYSTEM
Computer: ESD-HOST2435
Description:
User Account password set:
Target Account Name: Administrator
Target Domain: ESD-HOST2435
Target Account ID: ESD-HOST2435\Administrator
Caller User Name: ESD-HOST2435$
Caller Domain: ESTORE
Caller Logon ID: (0x0,0x3E7)
Who is "0x3e7"? Or for that matter "NT AUTHORITY\SYSTEM"?
Thanks,
Jim
Newsgroups: microsoft.public.windows.server.networking
From: (e-mail address removed) - Find messages by this author
Date: 31 Mar 2005 07:44:21 -0800
Local: Thurs, Mar 31 2005 7:44 am
Subject: How do I find out who a "caller logon ID" belongs to?
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse
I have a process somewhere on the network that is changing the
administrator password. When it gets changed the following appears in
the security event log:
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 628
Date: 3/31/2005
Time: 9:00:05 AM
User: NT AUTHORITY\SYSTEM
Computer: ESD-HOST2435
Description:
User Account password set:
Target Account Name: Administrator
Target Domain: ESD-HOST2435
Target Account ID: ESD-HOST2435\Administrator
Caller User Name: ESD-HOST2435$
Caller Domain: ESTORE
Caller Logon ID: (0x0,0x3E7)
Who is "0x3e7"? Or for that matter "NT AUTHORITY\SYSTEM"?
Thanks,
Jim