Event ID 560

G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I am getting failure audits every minute that such as the ones pasted below. I have been unable to isolate the problem. Please help. I am using Windows 2003 server on an Dell Power edge. Brand New Box.

Object Open:
Object Server: Security
Object Type: Event
Object Name: \BaseNamedObjects\crypt32LogoffEvent
Handle ID: -
Operation ID: {0,3378133}
Process ID: 3208
Image File Name: C:\WINDOWS\system32\mmc.exe
Primary User Name: rsimms
Primary Domain: E_P0LICY
Primary Logon ID: (0x0,0x1967C)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Query event state
Modify event state

Privileges: -
Restricted Sid Count: 0
Access Mask: 0x1F0003

Object Open:
Object Server: Security
Object Type: File
Object Name: \Device\NetbiosSmb
Handle ID: -
Operation ID: {0,3373537}
Process ID: 1060
Image File Name: C:\WINDOWS\system32\svchost.exe
Primary User Name: LOCAL SERVICE
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E5)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)

Privileges: -
Restricted Sid Count: 0
Access Mask: 0x100003
 

Jerry

Distinguished
Dec 31, 2007
1,812
0
19,780
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I have been getting the same events on all my servers and workstations.
The servers are all 2003 and the workstations are all XP sp1.

"gettingitdone" wrote:

> I am getting failure audits every minute that such as the ones pasted below. I have been unable to isolate the problem. Please help. I am using Windows 2003 server on an Dell Power edge. Brand New Box.
>
> Object Open:
> Object Server: Security
> Object Type: Event
> Object Name: \BaseNamedObjects\crypt32LogoffEvent
> Handle ID: -
> Operation ID: {0,3378133}
> Process ID: 3208
> Image File Name: C:\WINDOWS\system32\mmc.exe
> Primary User Name: rsimms
> Primary Domain: E_P0LICY
> Primary Logon ID: (0x0,0x1967C)
> Client User Name: -
> Client Domain: -
> Client Logon ID: -
> Accesses: DELETE
> READ_CONTROL
> WRITE_DAC
> WRITE_OWNER
> SYNCHRONIZE
> Query event state
> Modify event state
>
> Privileges: -
> Restricted Sid Count: 0
> Access Mask: 0x1F0003
>
> Object Open:
> Object Server: Security
> Object Type: File
> Object Name: \Device\NetbiosSmb
> Handle ID: -
> Operation ID: {0,3373537}
> Process ID: 1060
> Image File Name: C:\WINDOWS\system32\svchost.exe
> Primary User Name: LOCAL SERVICE
> Primary Domain: NT AUTHORITY
> Primary Logon ID: (0x0,0x3E5)
> Client User Name: -
> Client Domain: -
> Client Logon ID: -
> Accesses: SYNCHRONIZE
> ReadData (or ListDirectory)
> WriteData (or AddFile)
>
> Privileges: -
> Restricted Sid Count: 0
> Access Mask: 0x100003
>
>
>
>
>