Success Audit Question???????



I received this Success Audit in the Security section of
the Event Viewer on my Windows 2000 Server

Indirect access to an object has been obtained:
Object Type: Port
Object Name: \RPC Control\ntsvcs
Process ID: 300
Primary User Name: PRIMARY-SERVER$
Primary Domain: PROUDDESIGNS
Primary Logon ID: (0x0,0x3E7)
Client User Name: PRIMARY-SERVER$
Client Logon ID: (0x0,0x3E7)
Accesses: Communicate using port

What does it mean and how can I check how it was accessed.



Steven L Umbach

Hard to say exactly what is going on, but it looks like the server named
PRIMARY-SERVER is using RPC to access a port. That would not be so unusual on a
network. If you need more information I would run TCPView on that computer to see
what ports and processes the computer is using to see that the processes are
legitimate. If you need more explicit info on a process that you see use Process
Explorer. Both are free from SysInternals. --- Steve

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question