A
archie
I have several of the event below happening with different users from their
respective workstations happening over night when we are certain that the
users are not in the office and have no way of physically accessing their
computers. Is there a legitimate reason for these types of failure audit
events? If not, how can I track down the source of the issue and ensure there
are not security problems going on?
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 530
Date: 3/31/2008
Time: 5:36:30 AM
User: NT AUTHORITY\SYSTEM
Computer: BDCServer
Description:
Logon Failure:
Reason: Account logon time restriction violation
User Name: JoeSchmoe
Domain: ORGDOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: OrgWorkstation
respective workstations happening over night when we are certain that the
users are not in the office and have no way of physically accessing their
computers. Is there a legitimate reason for these types of failure audit
events? If not, how can I track down the source of the issue and ensure there
are not security problems going on?
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 530
Date: 3/31/2008
Time: 5:36:30 AM
User: NT AUTHORITY\SYSTEM
Computer: BDCServer
Description:
Logon Failure:
Reason: Account logon time restriction violation
User Name: JoeSchmoe
Domain: ORGDOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: OrgWorkstation