Guest Account - Caller Process explorer.exe Expand / Collapse
Author
Message
Posted 6/14/2016 11:53:28 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/14/2016 11:40:35 AM
Posts: 1, Visits: 0
Below is an event that is causing a lot of noise in my alert for account lock outs. The user is not locked out, instead the Guest account is disabled returning a winevent that triggers an alert that is a false positive.

But what I'd really like to understand is why the it appears the user is attempting to logon with the guest account. As far as I can tell the user is not attempting to use or can even see the guest account. Yet these events continue to populate.


LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4625
EventType=0
Type=Information
ComputerName=(Removed)
TaskCategory=Logon
OpCode=Info
RecordNumber=
Keywords=Audit Failure
Message=An account failed to log on.

Subject:
Security ID: (Removed)
Account Name: (Removed)
Account Domain: (Removed)
Logon ID: 0x35429c

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Guest
Account Domain: (Removed)

Failure Information:
Failure Reason: Account currently disabled.
Status: 0xc000006e
Sub Status: 0xc0000072

Process Information:
Caller Process ID: 0x1edc
Caller Process Name: C:\Windows\explorer.exe

Network Information:
Workstation Name: (Removed)
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Post #5221
Posted 6/16/2016 11:03:41 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/16/2016 11:00:19 AM
Posts: 1, Visits: 0
I am having this same issue on both domain pcs and workgroup (peer to peer) pcs. Any help would be appreciated.
Post #5222
Posted 6/26/2016 3:19:42 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
It's hard to say what is causing this event to be generated with only this event. I have seen guest event logon failures because of permissions on shared folders set to Everyone. http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/event-log-failed-logon-event/2daffcc6-0215-4f6a-9cc5-a5e5664acdbb?auth=1
Post #5227
Posted 1/3/2017 3:29:18 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 1/3/2017 3:44:05 PM
Posts: 1, Visits: 2
I know this is getting old, but I just went through this and will give back by letting you know how I resolved it.

In my case the failed login with the disabled "Guest" account was indeed a folder permission. "Everyone" has to be removed from the folders permissions (it shouldn't really be used anyway, in my opinion), however in my case this also prevented an unknown "user" for mysql (in a software package) from accessing the folder. This was a problem. The solution? Add "Domain users" to the permissions and (yes, believe it or not) add the disabled "Guest" account to the permissions too. You'll get an error, but it WILL let you add the disabled account to the permissions. After that, mysql gets into the folder, and no more "Guest" failed log ins.

I would have preferred to resolve the issue by determining what mysql was using to access the folder, but even the developer was unable to tell me what credentials it might be using... sometimes applying a band-aid is all you can do...
Post #7305
Posted 9/13/2018 8:23:49 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 9/13/2018 8:13:18 AM
Posts: 1, Visits: 0
I have also face this problem and found the solution of this problem. A error is occurred in computer, fix explorer.exe errors after doing that this problem is solved.
Post #8499
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 10:49pm