Click here to get back home

User Password Security
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
User Password Security ChuckN 02-19-2008
Posted by ChuckN on February 19, 2008, 1:28 pm
Please log in for more thread options
 We have a W2K3 Enterprise server as our DC. In event viewer, I noticed
several similar events under security that I don't understand.

With event ID 646, a Computer Account Change is announced. Based on the
time stamp, it indicates that the User Password was Last Set at the same
time as the event. The User is listed as NT AUTHORITY\ANONYMOUS LOGON.
Under the description, an internal target account is listed.

I assume this is an automatic activity since it is not being initiated by
anyone. Initially, I thought it might be someone getting into our system
and somehow accessing or changing passwords. That does not seem to be the
case.

Any info would be appreciated.



Posted by fatcity on February 20, 2008, 5:41 pm
Please log in for more thread options
> We have a W2K3 Enterprise server as our DC. =A0In event viewer, I noticed
> several similar events under security that I don't understand.
>
> With event ID 646, a Computer Account Change is announced. =A0Based on the=

> time stamp, it indicates that the User Password was Last Set at the same
> time as the event. =A0The User is listed as NT AUTHORITY\ANONYMOUS LOGON.
> Under the description, an internal target account is listed.
>
> I assume this is an automatic activity since it is not being initiated by
> anyone. =A0Initially, I thought it might be someone getting into our syste=
m
> and somehow accessing or changing passwords. =A0That does not seem to be t=
he
> case.
>
> Any info would be appreciated.

I'd like to know some info about this event as well. I've done some
reading about this and from what I gather it is a normal occurance for
the machine passwords to be changed by AD. One person posted that it
happens every 30 days although I can't verify this. Any additional
info is GREATLY appreciated!!!!

Similar ThreadsPosted
unknown user name or bad password? July 14, 2005, 12:16 pm
Simple user/password management? July 6, 2005, 11:50 am
User account - password attribute ? February 21, 2006, 4:23 pm
Change user password with hash March 2, 2006, 11:52 am
Q: Change password for a smart card user March 22, 2006, 6:28 am
Unexpected security restriction for a user in both a user and administrative group. April 24, 2008, 10:05 pm
Password Security Policy for Local on Window 2003 March 14, 2008, 4:10 pm
What security policies effect tasklist.exe password prompt behavior? February 29, 2008, 9:29 am
Email User (Security) April 26, 2006, 11:01 pm
User Security Inheritance in Active Directory May 21, 2008, 1:44 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap