Success Audit Question???????

M

Mike_BEE

I received this Success Audit in the Security section of
the Event Viewer on my Windows 2000 Server

Indirect access to an object has been obtained:
Object Type: Port
Object Name: \RPC Control\ntsvcs
Process ID: 300
Primary User Name: PRIMARY-SERVER$
Primary Domain: PROUDDESIGNS
Primary Logon ID: (0x0,0x3E7)
Client User Name: PRIMARY-SERVER$
Client Domain: PROUDDESIGNS
Client Logon ID: (0x0,0x3E7)
Accesses: Communicate using port


What does it mean and how can I check how it was accessed.
 
S

Steven L Umbach

Hard to say exactly what is going on, but it looks like the server named
PRIMARY-SERVER is using RPC to access a port. That would not be so unusual on a
network. If you need more information I would run TCPView on that computer to see
what ports and processes the computer is using to see that the processes are
legitimate. If you need more explicit info on a process that you see use Process
Explorer. Both are free from SysInternals. --- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event ID; 595 1
Change in Security Account Manager 2
SAM events 1
Event Error 560: Accesses MAX_ALLOWED 0
Security Log Multiple Success/Failure Audit records 1
audit 3
Help!Am I being hacked? 3
event 578 1

Top