event viewer security

  • Thread starter: David Murphy

David Murphy

Hi,
In my event log security I have success audits for (user account password set)
for all the following accounts (administrator, myself, guest, help assistant, support).
I have no knowledge of how these passwords were created for these
accounts. Can anyone provide me with any info on what may have caused this?
Thanks,
David.

Details, category:account management
user: nt authority\system, type: success audit
Product: Windows Operating System
ID: 628
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_USER_PWD_SET
Message: User Account password set:
Target Account Name:all of the above accounts, Target Domain: computer name
Target Account ID:computer name\all of the above accounts
Caller User Name:computer name$
Caller Domain:mshome
Caller Logon ID: %6
 
In my experience, messages such as you post are not
normally seen. This seems to say that the System account
was used to set the password of each named account.
Are you still able to log in? As an admin?
If so, I would suggest that you change the passwords of
all accounts, particularly admin accounts, as you can find
the full list by issuing at a cmd prompt
net localgroup administrators
Also, I would make sure that the firewall is on, and that
anything that is defined to come in from outside is supposed
to be there; and then I would run some good malware scanning
tools to see if the machine has known backdoors.
 
Thanks for the advice, Roger, much appreciated.
-----Original Message-----
In my experience, messages such as you post are not
normally seen. This seems to say that the System account
was used to set the password of each named account.
Are you still able to log in? As an admin?
If so, I would suggest that you change the passwords of
all accounts, particularly admin accounts, as you can find
the full list by issuing at a cmd prompt
net localgroup administrators
Also, I would make sure that the firewall is on, and that
anything that is defined to come in from outside is supposed
to be there; and then I would run some good malware scanning
tools to see if the machine has known backdoors.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
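
One way to review the audit records discussed in this thread, as an added example that is not part of the original posts: a Windows PowerShell script that lists every event ID 628 record with its target and caller, flags bursts where one caller set several accounts' passwords in the same minute, and then lists the local administrators. The function name Get-PasswordSetAudit and the mapping of ReplacementStrings positions to fields are assumptions; the mapping follows the field order of the message quoted above, where the caller logon ID is %6.

```powershell
# Added example: triage "User Account password set" (event ID 628) records.
# Run from an elevated Windows PowerShell prompt; reading the Security log
# requires administrative rights.
#
# Assumption: ReplacementStrings follow the order of the message template
# quoted in the thread: target name, target domain, target account ID,
# caller name, caller domain, caller logon ID.
function Get-PasswordSetAudit {
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    # Get-EventLog raises an error when nothing matches; treat that as "no events".
    Get-EventLog -LogName Security -InstanceId 628 -After $since -ErrorAction SilentlyContinue |
        ForEach-Object {
            $r = $_.ReplacementStrings
            New-Object PSObject -Property @{
                Time          = $_.TimeGenerated
                Target        = '{0}\{1}' -f $r[1], $r[0]
                Caller        = '{0}\{1}' -f $r[4], $r[3]
                CallerLogonId = $r[5]
                # A caller name ending in '$' is the machine account, meaning the
                # password was set under SYSTEM rather than by a logged-on user.
                ByMachine     = $r[3] -like '*$'
            }
        }
}

$events = @(Get-PasswordSetAudit -Days 30)

# 1. Every password set in the window, oldest first.
$events | Sort-Object Time |
    Select-Object Time, Target, Caller, CallerLogonId, ByMachine |
    Format-Table -AutoSize

# 2. Bursts: more than one account set by the same caller within the same minute.
$events |
    Group-Object { '{0} {1:yyyy-MM-dd HH:mm}' -f $_.Caller, $_.Time } |
    Where-Object { $_.Count -gt 1 } |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 3. Members of the local Administrators group, whose passwords the reply
#    suggests changing first.
net localgroup administrators
```

Comparing the timestamps from step 1 with known installs, setup runs or maintenance on the machine helps separate expected SYSTEM activity from password sets that have no explanation.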
 