If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
MS Baseline Security Audit Failure
I really need some advice.
While running MS Baseline Security Analyzer, I noted the following: 1) detection of more two Admin Accounts, as follows: A) Administrator B) Angela C) S-1-5-21-4758197-677485609-1728312259-1003 Questions - What is the third account ("C") and how can I delete it? Note that I did not knowingly set this account up. 2) When I reviewed the event logs for the time period during the run of MS Baseline Security Analyzer I noticed hundreds of Failure Audits with ID Code of 627 and the following description: SE_AUDITID_USER_PWD_CHANGED The Target Acount ID varies with each logged failure but follows this format: OURDOMAIN\SUPPORT_388945a0 OURDOMAIN\SUPPORT_b326ad0c OURDOMAIN\HelpAssistant OURDOMAIN\Administrator OURDOMAIN\Angela Question - Microsoft's support site suggests "This event might indicate that someone is trying to get the password of another user." Is this related to a misconfiguration of Windows settings in combination with using MS Baseline Security Analyzer OR is somebody trying hack into my computer? Any insight or help with this mystery would be greatly appreciated. |
Ads |
Thread Tools | |
Display Modes | |
|
|