M
MR G
I used to have 2k and was being attacked by hackers
trying to log on to my home pc from the internet via my
cable modem. Since thn I am paranoid about the settings
on my network adapters and firewall. Under 2k, I got it
all configured so that it didn't happen again, and all
was ok. Now I have XP and it all started again. I have
set what I think protects me and I am not getting any
failure audits in event viewer. BUT, when I log on,
there seems to be rather a lot of success audits, just
for one logon. Please can someoen tell me if the
following from event viewer looks normal for one log on
locally to my admin account? There are 8 entries as
success audits as follows:
(1)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:35
User: NT AUTHORITY\NETWORK SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(2)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:36
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(3)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:43
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(4)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:43
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(5)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:44
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(6)
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 13/08/2003
Time: 17:16:16
User: NT AUTHORITY\SYSTEM
Computer: JUPITER
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: JUPITER
Error Code: 0x0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(7)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:16:16
User: JUPITER\Administrator
Computer: JUPITER
Description:
Successful Logon:
User Name: Administrator
Domain: JUPITER
Logon ID: (0x0,0x104B7)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: JUPITER
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(8)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:16:40
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
And that's it. I no longer get failures and the accounts
no longer lock out all the time (which is what alerted me
in the first place)
Thanks in advance
Chris
trying to log on to my home pc from the internet via my
cable modem. Since thn I am paranoid about the settings
on my network adapters and firewall. Under 2k, I got it
all configured so that it didn't happen again, and all
was ok. Now I have XP and it all started again. I have
set what I think protects me and I am not getting any
failure audits in event viewer. BUT, when I log on,
there seems to be rather a lot of success audits, just
for one logon. Please can someoen tell me if the
following from event viewer looks normal for one log on
locally to my admin account? There are 8 entries as
success audits as follows:
(1)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:35
User: NT AUTHORITY\NETWORK SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(2)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:36
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(3)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:43
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(4)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:43
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(5)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:15:44
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(6)
Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 13/08/2003
Time: 17:16:16
User: NT AUTHORITY\SYSTEM
Computer: JUPITER
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: JUPITER
Error Code: 0x0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(7)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:16:16
User: JUPITER\Administrator
Computer: JUPITER
Description:
Successful Logon:
User Name: Administrator
Domain: JUPITER
Logon ID: (0x0,0x104B7)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: JUPITER
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
(8)
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 13/08/2003
Time: 17:16:40
User: NT AUTHORITY\LOCAL SERVICE
Computer: JUPITER
Description:
Successful Logon:
User Name: LOCAL SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E5)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-
000000000000}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
And that's it. I no longer get failures and the accounts
no longer lock out all the time (which is what alerted me
in the first place)
Thanks in advance
Chris