Event ID 628: Password reset by... Expand / Collapse
Author
Message
Posted 7/12/2010 1:24:54 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 7/12/2010 12:50:32 AM
Posts: 1, Visits: 0
Hi,

on several Windows XP SP3 Clients we found event ID 628 together with event ID 642. The caller's username in both eventlog entries is computername$ (NTAUTHORITY\System).

We assume that some unauthoritzed users gained local admin rights on their machines and that those entries have something to do with it. What does it mean if the caller of an ID 628 is NTAuthority\System?

Kind regards,

Dago

Post #414
Posted 8/28/2010 5:02:52 PM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
I missed seeing this question unitl now.  Whose password was reset?  Check the Target Account Name
Post #446
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 5:57pm