TSInternetUser

G

Guest

I noticed an event log entry on one of my SBS2000 servers indicating a
password change attempt on TSInternetUser. Since I do not use the Internet
Licensor, I disabled the account. However, I noticed that the hit was at
exactly the same time each day. It's a pretty good bet that it will happen at
the same time today.

What can I do to capture the source IP address of the hit if/when it comes
today?
 
G

Guest

I ran into that article before I posted. However, several things made me
wonder if it was the system or an intruder.

1. I do not have Terminal Services Internet Connector Licensing enabled.
2. I saw quote a bit of info on the net concerning hack attempts using the
TSInternetUser account.
3. This has been happening only in the last week, so unless some Windows
Update awakened some sleeping process, it must be an outside force.
4. These are failure notices; the password was not successfully changed. One
would assume that anything done by Windows would be successful.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Tsinternet user fails on password change 0
Invalid Login Error - Services Do Not Start 4
Push notifications. 6
ATIeRecord EEU Error Event in Windows 7? 5
Event viewer access 3
Event Viewer not showing entries 1
Windows 7 Windows 7 updates - issue with same update repeated 3
IP Routing 3

Top