最后三个午夜我在日志中得到了事件ID 539 …关于我自己的帐户:
原文链接:https://www.f2er.com/windows/368038.htmlEvent Type: Failure Audit Event Source: Security Event Category: logon/logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT AUTHORITY\SYSTEM Computer: SERVERNAME Description: logon Failure: Reason: Account locked out User Name: MyUser Domain: MYDOMAIN logon Type: 3 logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: SERVERNAME Caller User Name: - Caller Domain: - Caller logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: -
它总是在午夜的半分钟之内.之前没有登录尝试.在它之后(在同一秒内)有一个成功的审计条目:
logon attempt using explicit credentials: Logged on user: User Name: SERVERNAME$ Domain: MYDOMAIN logon ID: (0x0,0x3E7) logon GUID: - User whose credentials were used: Target User Name: MyUser Target Domain: MYDOMAIN Target logon GUID: - Target Server Name: servername.mydomain.lan Target Server Info: servername.mydomain.lan Caller Process ID: 2724 Source Network Address: - Source Port: -
所有这三个进程ID都相同,所以我查了一下,现在至少它映射到TCP / IP Services(Microsoft).
我不相信我在周五更改了任何政策或任何内容.我该怎么解释这个?
