Sign in with
Sign up | Sign in
Your question

Success Audit Question???????

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
July 28, 2004 12:52:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I received this Success Audit in the Security section of
the Event Viewer on my Windows 2000 Server

Indirect access to an object has been obtained:
Object Type: Port
Object Name: \RPC Control\ntsvcs
Process ID: 300
Primary User Name: PRIMARY-SERVER$
Primary Domain: PROUDDESIGNS
Primary Logon ID: (0x0,0x3E7)
Client User Name: PRIMARY-SERVER$
Client Domain: PROUDDESIGNS
Client Logon ID: (0x0,0x3E7)
Accesses: Communicate using port


What does it mean and how can I check how it was accessed.

More about : success audit question

Anonymous
a b 8 Security
July 28, 2004 8:32:48 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hard to say exactly what is going on, but it looks like the server named
PRIMARY-SERVER is using RPC to access a port. That would not be so unusual on a
network. If you need more information I would run TCPView on that computer to see
what ports and processes the computer is using to see that the processes are
legitimate. If you need more explicit info on a process that you see use Process
Explorer. Both are free from SysInternals. --- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

"Mike_BEE" <anonymous@discussions.microsoft.com> wrote in message
news:5e4001c474ba$d3b637d0$a501280a@phx.gbl...
> I received this Success Audit in the Security section of
> the Event Viewer on my Windows 2000 Server
>
> Indirect access to an object has been obtained:
> Object Type: Port
> Object Name: \RPC Control\ntsvcs
> Process ID: 300
> Primary User Name: PRIMARY-SERVER$
> Primary Domain: PROUDDESIGNS
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: PRIMARY-SERVER$
> Client Domain: PROUDDESIGNS
> Client Logon ID: (0x0,0x3E7)
> Accesses: Communicate using port
>
>
> What does it mean and how can I check how it was accessed.
!