• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Other users in security log event viewer

G

gmc8757

Member
I have a few different users show up in my security log of my event viewer. I know if someone tries to c$ it will show a logon/logoff entry for that user. No one should be doing that though, and the users who show up in the viewer, I doubt would even know how to do that. Why else would other users show up in my security log?

I know i can lock it down with group policy, but I'd like to know why they show up there. Any clues?

Thanks.
 
Sorry it took a lil while for me to get back to you, been out of the office. Anyway, here is an example below. This userA doesn't even know how to do c$ or any other way of loggin into my pc. So do you think they are infected, or I'm infected? I can show you more, like computername$ logon/logoff entries as well as users.


Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 12/22/2006
Time: 4:19:51 PM
User: thedomain\userA
Computer: computerA
Description:
User Logoff:
User Name: userA
Domain: thedomain
Logon ID: (0x0,0x9979C0B)
Logon Type: 3


 
Only the administrative shares. No open shares where these users could log into. That's what raised the concern because there is no use for the user perform a network logon to this computer.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top