none
Advapi RRS feed

  • 问题

  • 最近有一个用户的域账户老是被锁掉,查看事件日志,发现有这个用户不断尝试登录系统的记录,其实,这个用户是没有登录这台系统的权限的。网上查了下,都说有可能系统被入侵,但是用查毒软件去scan,也没有查出什么东东。所以来到此处,希望可以找到根源,或者是有没有一个比较好的方法可以去判断。请指导,谢谢!

    Logon Failure:
      Reason:  Unknown user name or bad password
      User Name: xxxxxxxx
      Domain:  global
      Logon Type: 10
      Logon Process: User32 
      Authentication Package: Negotiate
      Workstation Name: xxxxxxxxx
      Caller User Name: xxxxxxxxx$
      Caller Domain: GLOBAL
      Caller Logon ID: (0x0,0x3E7)
      Caller Process ID: 1004
      Transited Services: -
      Source Network Address: xxx.xx.xxx.xxx
      Source Port: 59059


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Logon Failure:
      Reason:  Account locked out
      User Name: xxxxxxxx
      Domain: global
      Logon Type: 8
      Logon Process: Advapi 
      Authentication Package: Negotiate
      Workstation Name: xxxxxxxxx
      Caller User Name: NETWORK SERVICE
      Caller Domain: NT AUTHORITY
      Caller Logon ID: (0x0,0x3E4)
      Caller Process ID: 1764
      Transited Services: -
      Source Network Address: -
      Source Port: -


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    2013年11月6日 2:04