|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/24/2012 3:34:39 PM
Posts: 5,
Visits: 1
|
|
Hello folks, we have a security log management solution but we are receiving tons of alerts regarding event id 529 with logon type 3. After investigation we find out that in all the cases is because a computer is having problems to connect with AD or because support use the local Administrator to patch systems or perform other kind of maintenance, and since we have Active Directory every time a no valid user tries to access Internet it causes access denied because this user is not a valid domain user.
So my question is there a possible scenario where logon type 3 might represent a real force attack against one of my servers?
Regards
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326,
Visits: 0
|
|
| certainly. 529 is logon due to a bad password. logon type 3 is a network logon such as to a shared folder or accessing resources on the Windows server some other way from over the network
|
|
|
|