MBSA Scan Attempting to Change Local User Passwords
I recently ran a security scan using mbsa 2.1 on one of my member servers. After the scan a local account used for printer scanning operations would not function until the password was reset. Upon further investigation I found the following event stamped multiple times in my Security Logs:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 11/6/2009
Time: 10:53:40 AM
User: XXXX\aXXXXX
Computer: LocalHost
Description:
Change Password Attempt:
Target Account Name: Scanner
Target Domain: LocalHost
Target Account ID: LocalHost\Scanner
Caller User Name: aXXXXXX
Caller Domain: XXXX
Caller Logon ID: (0x0,0x9B43AD)
Privileges: -
My understanding was that mbsa checked if the account was locked out and reset the account, but I have never seen it make an attempt to change the password. Does anyone have insight into this issue?
Thanks.
