Events 528/576 caused by

You are not logged in. [Log In] CompatDB.org » Forums » Windows NT4/2000/XP/2003/Vista/2008/Home Server/7 » Security » Events 528/576 caused by

Events 528/576 caused by

Occasionally I see a pair of entries in the event viewer security log that are attributed to "anonymous user". Event 1: Event ID: 528 User: NTAuthority/anonymous Computer: (name of computer) Source: Security Type: Success Audit Catagor...

Topic Options

#158674 - 02/25/05 01:01 AM Events 528/576 caused by
sm5w2 stranger Registered: 10/30/04 Posts: 12	Occasionally I see a pair of entries in the event viewer security log that are attributed to "anonymous user". Event 1: Event ID: 528 User: NTAuthority/anonymous Computer: (name of computer) Source: Security Type: Success Audit Catagory: Logon/Logoff Description: Successful Logon: User Name: (blank) Domain (blank) Login Id: (0x0,0x3639) Logon Type: 3 Logon Process: KSecDD Authentication Process: Microsoft_Authentication_Package_V1_0 Workstation name: (blank) Event 2: Event ID:576 User: NT Authority/anonymous Computer: (name of computer) Source: Security Type: Success Audit Catagory: Privilege Use Description: Special privileges assigned to new logon: User name; (blank) Domain: (blank) Login ID: (0x0,0x3635) Assigned: SechangeNotifyPrivilege They come in pairs, same date and time stamp. the item "0x36nn" seems to change a little, but it's always "0x36nn". The item (blank) is really blank, empty space. The item (name of computer) is the name of the workstation. There is no "anonymous" user in the user manager. System is NT4 server, SP6. Should I be concerned with these items? If not, what are they? Why is their no user name printed? What is the Login ID?
Top

#158694 - 02/25/05 11:01 AM Re: Events 528/576 caused by
Wilhelmus old hand Registered: 12/21/04 Posts: 1025 Loc: Finland / Suomi	Quote: Should I be concerned with these items? If not, what are they? No, it is normal. See this: Quote: [url= http://www.derkeiler.com/Newsgroups/comp...02-02/0194.html " title="httpwwwderkeilercomNewsgroupscomposmswindowsntadminsecurity2002020194html titlehttpwwwderkeilercomNewsgroupscomposmswindowsntadminsecurity2002020194htmlurlhttpwwwderkeilercomNewsgroupscomposmswindowsntadminsecurity2002020194html relnofollow targetblankhttpwwwderkeilercomNewsgroupscomp02020194html" rel="nofollow" target="_blank">http://www.derkeiler.com/Newsgroups/comp...0194.html This is quite normal and shouldn't alarm you too much. The 'SeChangeNotifyPrivilege' is an advanced permission and bypasses traverse checking. Quote: Why is their no user name printed? It is anonymous.. sorry, do not know. Perhaps it is Windows' internal activity which will not log username.
Top

Microsoft does a great thing imo for users of their OS + wares

Index

Are there activation problems with Norton Internet Security 2005?

Forums

Windows Support Forums
Everything New Technology
Legacy OS
Hardware
Software
Games
Networking
Customization & Tweaking
Security

Linux Support Forums
Everything Linux
Linux Hardware
Linux Software
Linux Games
Linux Networking
Linux Customization & Tweaking
Linux Security

Apple Support Forums
Everything Apple