Archived from groups: microsoft.public.win2000.advanced_server (
More info?)
Thanks for that Mike
The trouble I have is that I do know whether these events
are benign or not. I have recently cleared out a load of
email garbage because the server was being used as a
relay. You helped a lot on that and everything seems
fine now. I am wondering whether these events could be
related or not but I have nothing to indicate a problem
as such.
I think that the alarming bit is that the only events in
the security log are those I have identified and they all
appear on the same day.
I am not sure what else to do at this stage.
Regards
Alan
>-----Original Message-----
>Alan,
>
>I'm by no means an expert in this subject matter of
Security, Log On and/or
>GPO, but I'll try to assist you to the best of my
ability.
>
>You have a laundry list of events that you cannot
troubleshoot all together,
>because they may all be unrelated to each other and just
one or more of
>these events can send off on a wild goose chase.
>
>If these events are posing a problem, explain with
elaborated details the
>problem you're experiencing so we can try to
troubleshoot the main problem.
>
>--
>Hope this helps,
>Mike Rosado
>Windows 2000 MCSE + MCDBA
>Microsoft Enterprise Platform Support
>Windows NT/2000/2003 Cluster Technologies
>
>====================================================
>When responding to posts, please "Reply to Group" via
your newsreader so
>that others may learn and benefit from your issue.
>====================================================
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
><http://www.microsoft.com/info/cpyright.htm>
>
>-----Original Message-----
>
>"Alan Hodge" <anonymous@discussions.microsoft.com> wrote
in message
>news:379701c4a55a$108667a0$a301280a@phx.gbl...
>> Hi Mike
>>
>> The event ID isn't 2061. That was the number of events
>> logged during the 1 1/2 hour period on August 18.
>>
>>
>>
>> >-----Original Message-----
>> >Hi Alan,
>> >
>> >Please provide the detailed description of the Event
ID
>> 2061.
>> The Event IDs were: 512; 514; 515; 518; 528; 538(very
>> many); 540 very many); 565; 576(very many); 577; 578;
>> 592; 593;612; 617; 672; 673; 677; 680; 682; 683.
>>
>> They were varying descriptions:
>>
>> Events Event IDs
>>
>> Account Logons: 672,673,677,680
>>
>> Detailed Tracking: 592,593
>>
>> Logon/Logoff: 538,540
>>
>> Object Access: 565
>>
>> Policy Change: 612,617
>>
>> Privelege Use: 576,577
>>
>> System Event: 514,515,518
>>
>>
>> Hope to hear from you soon
>>
>> Alan
>>
>>
>> >--
>> >Hope this helps,
>> >Mike Rosado
>> >Windows 2000 MCSE + MCDBA
>> >Microsoft Enterprise Platform Support
>> >Windows NT/2000/2003 Cluster Technologies
>> >
>> >====================================================
>> >When responding to posts, please "Reply to Group" via
>> your newsreader so
>> >that others may learn and benefit from your issue.
>> >====================================================
>> >
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no rights.
>> ><http://www.microsoft.com/info/cpyright.htm>
>> >
>> >-----Original Message-----
>> >
>> >"Alan Hodge" <anonymous@discussions.microsoft.com>
wrote
>> in message
>> >news:06b301c4a539$d9d6abe0$a601280a@phx.gbl...
>> >> Hello all
>> >>
>> >> I hope someone can help on this one.
>> >>
>> >> On August 18 this year between 15:32 and 17:18, 2061
>> >> events were logged on my Security event viewer.
>> >>
>> >> The IDs were: 512; 514; 515; 518; 528; 538(very
many);
>> 540
>> >> (very many); 565; 576(very many); 577; 578; 592;
593;
>> >> 612; 617; 672; 673; 677; 680; 682; 683.
>> >>
>> >> Does anyone know what happened? I cannot link this
to
>> >> anything else for that day. We had no engineers
around
>> >> doing anything to the server. It was just an
ordinary
>> >> day.
>> >>
>> >> It seems a bit spooky. Should I be worried?
>> >>
>> >> Thanks in advance.
>> >
>> >
>> >.
>> >
>
>
>.
>