|
Posted by BT on February 7, 2007, 8:43 pm
Please log in for more thread options Yes, these workstations is used by our company staff.
Thanks for your explanation.
BT
> Is it possibly common on the workstations producing the error to log in
> with
> the local administrator account for some tasks? This could be caused by
> the
> local administrator attempting access to a domain-authenticated resource
> without specifically specifying alternate credentials before hand.
>
> Are these workstations in use by staff in the IT environment? Without
> knowing the time span in which the event log errors are developing or the
> size of your environment, its tough to define the threshold for what
> should
> be acceptable for the "fat finger factor" by your own staff.
> --
> Wayne Anderson
> http://blog.avanadeadvisor.com/blogs/waynea/
>
>
> "BT" wrote:
>
>> It is logged in the DC event.
>> All user using their domain user account to connect the network, not the
>> administrator account.
>>
>> Any idea?
>> Thanks
>>
>> BT
>>
>> > An incorrect password is being specified for the administrator account.
>> > This
>> > this on a DC event log or a local event log?
>> >
>> > --
>> > Wayne Anderson
>> > http://blog.avanadeadvisor.com/blogs/waynea/
>> >
>> >
>> > "BT" wrote:
>> >
>> >> Hi all
>> >>
>> >> I found that many failed security audit in the event log. For
>> >> example:-
>> >> The logon to account: administrator by:
>> >> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: WRK001 failed.
>> >> The
>> >> error code was: 3221225578
>> >>
>> >> The logon to account: administrator by:
>> >> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: WRK002 failed.
>> >> The
>> >> error code was: 3221225578
>> >>
>> >> ...
>> >>
>> >> They are come from many different pc.
>> >>
>> >> Can someone explain to me what is happening?
>> >>
>> >> Thanks
>> >> BT
>> >>
>>
| 
XML Sitemap