Success Audit Question???????

Archived from groups: microsoft.public.win2000.security (More info?)

I received this Success Audit in the Security section of
the Event Viewer on my Windows 2000 Server

Indirect access to an object has been obtained:
Object Type: Port
Object Name: \RPC Control\ntsvcs
Process ID: 300
Primary User Name: PRIMARY-SERVER$
Primary Domain: PROUDDESIGNS
Primary Logon ID: (0x0,0x3E7)
Client User Name: PRIMARY-SERVER$
Client Domain: PROUDDESIGNS
Client Logon ID: (0x0,0x3E7)
Accesses: Communicate using port


What does it mean and how can I check how it was accessed.
1 answer Last reply
More about success audit question
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hard to say exactly what is going on, but it looks like the server named
    PRIMARY-SERVER is using RPC to access a port. That would not be so unusual on a
    network. If you need more information I would run TCPView on that computer to see
    what ports and processes the computer is using to see that the processes are
    legitimate. If you need more explicit info on a process that you see use Process
    Explorer. Both are free from SysInternals. --- Steve

    http://www.sysinternals.com/ntw2k/source/tcpview.shtml

    "Mike_BEE" <anonymous@discussions.microsoft.com> wrote in message
    news:5e4001c474ba$d3b637d0$a501280a@phx.gbl...
    > I received this Success Audit in the Security section of
    > the Event Viewer on my Windows 2000 Server
    >
    > Indirect access to an object has been obtained:
    > Object Type: Port
    > Object Name: \RPC Control\ntsvcs
    > Process ID: 300
    > Primary User Name: PRIMARY-SERVER$
    > Primary Domain: PROUDDESIGNS
    > Primary Logon ID: (0x0,0x3E7)
    > Client User Name: PRIMARY-SERVER$
    > Client Domain: PROUDDESIGNS
    > Client Logon ID: (0x0,0x3E7)
    > Accesses: Communicate using port
    >
    >
    > What does it mean and how can I check how it was accessed.
Ask a new question

Read More

Security Domain Servers Windows