Posted by kj on July 4, 2006, 2:23 pm
Thanks for the information. I was worried when I first saw these
messages. The netdiag test turned out fine, so no problems there.
Thanks again!
KJ
Steven L Umbach wrote:
> It is not unusual to see null session entries in the security log. The
> event below looks like it was to indicate that the computer password was
> changed. I would not worry if the computer functions fine and passes the
> netdiag test for secure channel which is what the computer password is used
> for. I would be more concerned when seeing unexplained logons of user
> accounts that are in privileged groups or repeated logon failures for
> privileged group users such as administrator. --- Steve
>
>
> > Hi,
> >
> > I recently noticed this popping up in the security section of event
> > viewer:
> >
> > Computer Account Changed:
> > -
> > Target Account Name: JARR03$
> > Target Domain: JARR
> > Target Account ID: JARR\JARR03$
> > Caller User Name: SERVER$
> > Caller Domain: JARR
> > Caller Logon ID: (0x0,0x3E7)
> > Privileges: -
> > Changed Attributes:
> > Sam Account Name: -
> > Display Name: -
> > User Principal Name: -
> > Home Directory: -
> > Home Drive: -
> > Script Path: -
> > Profile Path: -
> > User Workstations: -
> > Password Last Set: 7/3/2006 6:22:28 PM
> > Account Expires: -
> > Primary Group ID: -
> > AllowedToDelegateTo: -
> > Old UAC Value: -
> > New UAC Value: -
> > User Account Control: -
> > User Parameters: -
> > Sid History: -
> > Logon Hours: -
> > DNS Host Name: -
> > Service Principal Names: -
> >
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > I haven't seen this message before and it only occurs once per
> > computer. What worries me is how the 'User' is NT AUTHORITY\ANONYMOUS
> > LOGON
> >
> > Is this something to be worried about?
> >
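
The reading given in the thread, that this event records only a computer password change, can be checked mechanically. The Python below is an added example, not part of the original thread: it parses the event text as posted and reports "routine" only when the target is a machine account, the caller's logon ID is 0x3E7 (the Local System session) and "Password Last Set" is the sole changed attribute. The second event is constructed, and the triage rule itself is an assumption of this example.

```python
import re

# Event text from the post above, with the attribute list shortened.
PAGE_EVENT = """\
Computer Account Changed:
Target Account Name: JARR03$
Caller User Name: SERVER$
Caller Logon ID: (0x0,0x3E7)
Changed Attributes:
Password Last Set: 7/3/2006 6:22:28 PM
User Account Control: -
Service Principal Names: -
"""
# Constructed sample (not from the post): non-SYSTEM caller, SPN list also changed.
CONSTRUCTED_EVENT = PAGE_EVENT.replace("(0x0,0x3E7)", "(0x0,0x1A2B3)").replace(
    "Service Principal Names: -", "Service Principal Names: HOST/constructed.example")
SYSTEM_LOGON_ID = 0x3E7  # well-known logon ID of the Local System session


def parse_event(text):
    """Split the description into header fields and the attributes that changed."""
    header, changed, in_attrs = {}, {}, False
    for line in text.splitlines():
        line = re.sub(r"^(>\s*)+", "", line).strip()  # tolerate quoted '> >' prefixes
        if line == "Changed Attributes:":
            in_attrs = True
            continue
        key, sep, value = line.partition(":")
        value = value.strip()
        if not sep or not value:
            continue
        if not in_attrs:
            header[key.strip()] = value
        elif value != "-":  # '-' means the attribute was not modified
            changed[key.strip()] = value
    return header, changed


def triage(text):
    """'routine' for a password-only machine account change from SYSTEM, else 'review'."""
    header, changed = parse_event(text)
    m = re.fullmatch(r"\(0x[0-9A-Fa-f]+,0x([0-9A-Fa-f]+)\)", header.get("Caller Logon ID", ""))
    by_system = bool(m) and int(m.group(1), 16) == SYSTEM_LOGON_ID
    machine = header.get("Target Account Name", "").endswith("$")
    if machine and by_system and set(changed) == {"Password Last Set"}:
        return "routine"
    return "review"
```
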