D
djc
1) I'm looking into an account lockout issue and noticed that instead of
what I expected to be 'system', the user is listed as 'everyone'. ? I'm not
refering to the user that got locked out, but the user listed in event
viewer as the one performing the account management, which I am auditing.
Is that normal? for when an account gets locked out due to to many invalid
logon attempts?
2) even stranger (to me) is I have 2 account management events of 627
(password change attempts), one succeeded and one failed and the user listed
in event viewer was ANONYMOUS LOGON? Again, I'm not refering to the user who
was account password was being changed... but rather the logon listed as the
one doing it? I think this may be due to an Outlook Web Access issue that I
will follow up on but I figured I would through this here as well.
any info would be greatly appreciated. thanks.
what I expected to be 'system', the user is listed as 'everyone'. ? I'm not
refering to the user that got locked out, but the user listed in event
viewer as the one performing the account management, which I am auditing.
Is that normal? for when an account gets locked out due to to many invalid
logon attempts?
2) even stranger (to me) is I have 2 account management events of 627
(password change attempts), one succeeded and one failed and the user listed
in event viewer was ANONYMOUS LOGON? Again, I'm not refering to the user who
was account password was being changed... but rather the logon listed as the
one doing it? I think this may be due to an Outlook Web Access issue that I
will follow up on but I figured I would through this here as well.
any info would be greatly appreciated. thanks.