Event ID 529 with username : User and SYSTEM
Posted 6/14/2011 9:16:31 AM

Is the source port getting filled in on the 529s? If so, you will need to audit outgoing TCP connections on one of the offending workstations and see what program is sending stuff from that port. You can audit outgoing TCP connections with the Win2008 security log but not with Win2003. I think, however, that the Windows Firewall log (text based) will allow you to do that.
Post #728
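
The correlation suggested in the post above, as an added example that is not part of the original thread: a Python parser for the Windows Firewall text log that lists the outgoing TCP connections a workstation opened from the source ports seen on the 529 events. The log lines, IP addresses and port numbers are constructed sample data, and the function names are hypothetical.

```python
import io

# Constructed sample of a Windows Firewall text log (pfirewall.log); all values are made up.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2011-06-14 09:01:12 OPEN TCP 192.0.2.25 192.0.2.10 1432 445 - - - - - - - -
2011-06-14 09:01:13 OPEN UDP 192.0.2.25 192.0.2.10 1029 53 - - - - - - - -
2011-06-14 09:01:15 CLOSE TCP 192.0.2.25 192.0.2.10 1432 445 - - - - - - - -
2011-06-14 09:02:40 OPEN TCP 192.0.2.25 192.0.2.10 1447 139 - - - - - - - -
2011-06-14 09:03:02 DROP TCP 192.0.2.77 192.0.2.25 3321 135 48 S 1234567 0 65535 - - -
2011-06-14 09:04:51 OPEN TCP 192.0.2.25 198.51.100.8 1451 80 - - - - - - - -
"""

def parse_firewall_log(stream):
    """Yield one dict per record, keyed by the names in the log's own #Fields header."""
    fields = None
    for line in stream:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def outgoing_tcp_from_ports(records, workstation_ip, source_ports):
    """Return OPEN TCP records the workstation sent from any of the given source ports."""
    wanted = {str(p) for p in source_ports}
    return [r for r in records
            if r["action"] == "OPEN" and r["protocol"] == "TCP"
            and r["src-ip"] == workstation_ip and r["src-port"] in wanted]

def find_matches(log_text, workstation_ip, source_ports):
    """Parse log text and filter it in one step."""
    records = parse_firewall_log(io.StringIO(log_text))
    return outgoing_tcp_from_ports(records, workstation_ip, source_ports)

if __name__ == "__main__":
    # 1432 and 1447 stand in for source ports read off the 529 events (hypothetical values).
    for r in find_matches(SAMPLE_LOG, "192.0.2.25", [1432, 1447]):
        print(r["date"], r["time"], r["src-port"], "->", r["dst-ip"] + ":" + r["dst-port"])
```

OPEN records appear only when the firewall is set to log successful connections. The log carries no process name, so each match gives a time and destination to follow up on the workstation.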