Sign in with
Sign up | Sign in
Your question

Who can explain this? Has any possible answer?

Last response: in Windows XP
Share
Anonymous
a b 8 Security
May 12, 2005 1:10:25 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

One day when I browse security event logs on one of my user's computer ,I
found some abnormal thing :

Event Properties
Date: 5/9/2005 source: Security
time: 5:45:27 AM Category:Logon/Logoff
type: Failure Audit event ID:531
user:NT AUTHORITY\SYSTEM
computer:BSGQ

Logon Failure:
Reason: Account currently disabled
User Name: IUSR_BSGQ
Domain: BSGQ
Logon Type: 3
Logon Process:IIS
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:BSGQ

Enviorment: The computer's operation system is WindowsXP English sp2.
The computer belongs to a Domain.
The computer user only has Domain Users privilege .
The computer has never installed IIS.(I check this on the
computer.)

Why? What happened?

More about : explain answer

Anonymous
a b 8 Security
May 12, 2005 8:17:14 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi.



Well, I would suggest that it is most likely that at some stage somebody has
installed IIS on the system.



The 531 Logon Failure: Account currently disabled should have more
information associated with it to tell you from where the call is happening
and possibly even the process ID (specific to the machine the call is being
made from) that is trying to use this account.



HTH, Les



This posting is provided "AS IS" with no warranties, and confers no rights.


"jiangjinhai" <jiangjinhai@citiz.net> wrote in message
news:o AtwKriVFHA.2572@TK2MSFTNGP14.phx.gbl...
> One day when I browse security event logs on one of my user's computer ,I
> found some abnormal thing :
>
> Event Properties
> Date: 5/9/2005 source: Security
> time: 5:45:27 AM Category:Logon/Logoff
> type: Failure Audit event ID:531
> user:NT AUTHORITY\SYSTEM
> computer:BSGQ
>
> Logon Failure:
> Reason: Account currently disabled
> User Name: IUSR_BSGQ
> Domain: BSGQ
> Logon Type: 3
> Logon Process:IIS
> Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name:BSGQ
>
> Enviorment: The computer's operation system is WindowsXP English sp2.
> The computer belongs to a Domain.
> The computer user only has Domain Users privilege .
> The computer has never installed IIS.(I check this on the
> computer.)
>
> Why? What happened?
>
Anonymous
a b 8 Security
May 13, 2005 11:34:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

After I found the audit message,I inspected the computer and did not find
any footprint that IIS had been installed.
My company execute very seriously computer management method on the job-use
computer.The computer could not connect to internet and no cdrom.
The autdit infomation made me feeling worry about whether there would be any
privileges leak to normal user.
Windows XP is too complex!
Any more information who can tell me?
!