Who can explain this? Is there any possible answer?

Archived from groups: microsoft.public.windowsxp.security_admin

One day when I browsed the security event logs on one of my users' computers, I
found something abnormal:

Event Properties
Date: 5/9/2005 source: Security
time: 5:45:27 AM Category:Logon/Logoff
type: Failure Audit event ID:531
user:NT AUTHORITY\SYSTEM
computer:BSGQ

Logon Failure:
Reason: Account currently disabled
User Name: IUSR_BSGQ
Domain: BSGQ
Logon Type: 3
Logon Process:IIS
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:BSGQ

Environment: The computer's operating system is Windows XP English SP2.
The computer belongs to a domain.
The computer user only has Domain Users privileges.
The computer has never had IIS installed. (I checked this on the
computer.)

Why? What happened?
  1. Archived from groups: microsoft.public.windowsxp.security_admin

    Hi.


    Well, I would suggest that it is most likely that at some stage somebody has
    installed IIS on the system.


    The 531 Logon Failure: Account currently disabled should have more
    information associated with it to tell you from where the call is happening
    and possibly even the process ID (specific to the machine the call is being
    made from) that is trying to use this account.


    HTH, Les


    This posting is provided "AS IS" with no warranties, and confers no rights.


  2. Archived from groups: microsoft.public.windowsxp.security_admin

    After I found the audit message, I inspected the computer and did not find
    any footprint that IIS had been installed.
    My company enforces very strict computer management on work
    computers. The computer could not connect to the Internet and has no CD-ROM drive.
    The audit information made me worry about whether there could be any
    privilege leak to a normal user.
    Windows XP is too complex!
    Can anyone tell me any more information?
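
Added example (not part of the original thread, and not Microsoft code): a small Python parser for the event text quoted in the question, pulling out the fields a responder would read when tracing where a 531 failure came from. The label list and the `parse_event` / `triage` helper names are assumptions made for this illustration; the sample is the event from the post, embedded as a constructed string.

```python
import re

# Constructed sample: the event text as posted in the question above.
SAMPLE_EVENT = """\
Date: 5/9/2005 source: Security
time: 5:45:27 AM Category:Logon/Logoff
type: Failure Audit event ID:531
user:NT AUTHORITY\\SYSTEM
computer:BSGQ

Logon Failure:
Reason: Account currently disabled
User Name: IUSR_BSGQ
Domain: BSGQ
Logon Type: 3
Logon Process:IIS
Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:BSGQ
"""

# Field labels seen in the post (assumed list; extend for other event types).
KEYS = ["Date", "source", "time", "Category", "type", "event ID", "user",
        "computer", "Reason", "User Name", "Domain", "Logon Type",
        "Logon Process", "Authentication Package", "Workstation Name"]
# Longest labels first so "User Name" wins over "user".
LABEL = re.compile(r"(?<!\w)(" + "|".join(
    re.escape(k) for k in sorted(KEYS, key=len, reverse=True)) + r")\s*:",
    re.IGNORECASE)

def parse_event(text):
    """Split each line at known labels; a line may hold two label/value pairs."""
    fields = {}
    for line in text.splitlines():
        hits = list(LABEL.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            fields[m.group(1).lower()] = line[m.end():end].strip()
    return fields

def triage(f):
    """Return plain-language observations for a parsed logon-failure event."""
    notes = []
    host, acct = f.get("computer", "").upper(), f.get("user name", "").upper()
    if f.get("event id") == "531":
        notes.append("logon attempted with a disabled account: " + acct)
    if f.get("logon type") == "3":
        notes.append("logon type 3 is a network logon")
    if host and f.get("workstation name", "").upper() == host:
        notes.append("source workstation is the logging machine itself")
    if host and acct == "IUSR_" + host:
        notes.append("account name matches the IIS anonymous-user pattern")
    return notes
```

Calling `triage(parse_event(SAMPLE_EVENT))` on the posted event yields all four observations, which narrows the question to which local component is requesting a network logon as `IUSR_BSGQ`.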