Guest Scott Ehrlich
Posted November 2, 2007

I have a Windows XP w/SP2 machine on an isolated LAN, with a Linux server acting as a Samba NT 4 PDC.

A review on the Windows machine's event viewer revealed a user's account that only had a logout entry and a very unusual hour. Just before that entry, someone else had logged in and logged out, but several hours beforehand.

I keep very tight controls on the systems, and I'm the only one with Admin/root rights.

What might be the cause of that unusual entry?

Thanks for any insights.

Scott

Guest Dave Patrick
Posted November 3, 2007

Re: Help with Event Viewer timestamp for login/logout?

Take a look at all automatic scheduled processes.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"Scott Ehrlich" wrote:
> I have a Windows XP w/SP2 machine on an isolated LAN, with a Linux server
> acting as a Samba NT 4 PDC.
>
> A review on the Windows machine's event viewer revealed a user's account
> that only had a logout entry and a very unusual hour. Just before that
> entry, someone else had logged in and logged out, but several hours
> beforehand.
>
> I keep very tight controls on the systems, and I'm the only one with
> Admin/root rights.
>
> What might be the cause of that unusual entry?
>
> Thanks for any insights.
>
> Scott

Guest Scott Ehrlich
Posted November 3, 2007

Re: Help with Event Viewer timestamp for login/logout?

Are there any knowledgebase articles that refer to possibly delayed event log write action - such as a person logging out of a machine, that information being cached but never written to disk until another action forces the cache flush, and when the cache is flushed, then the event is noted - a delayed action making it seem the event took place later than it did?

In article <701CC355-462C-424E-A2C8-058B632EC632@microsoft.com>, Dave Patrick <DSPatrick@nospam.gmail.com> wrote:
>Take a look at all automatic scheduled processes.
>
>--
>
>Regards,
>
>Dave Patrick ....Please no email replies - reply in newsgroup.
>Microsoft Certified Professional
>Microsoft MVP [Windows]
>http://www.microsoft.com/protect
>
>"Scott Ehrlich" wrote:
>>
>> I have a Windows XP w/SP2 machine on an isolated LAN, with a Linux server
>> acting as a Samba NT 4 PDC.
>>
>> A review on the Windows machine's event viewer revealed a user's account
>> that only had a logout entry and a very unusual hour. Just before that
>> entry, someone else had logged in and logged out, but several hours
>> beforehand.
>>
>> I keep very tight controls on the systems, and I'm the only one with
>> Admin/root rights.
>>
>> What might be the cause of that unusual entry?
>>
>> Thanks for any insights.
>>
>> Scott

Guest Dave Patrick
Posted November 3, 2007

Re: Help with Event Viewer timestamp for login/logout?

None that I'm aware of. I don't think it would work that way. Some service or task may be configured to use that account. Try changing the password to see what breaks.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"Scott Ehrlich" wrote:
> Are there any knowledgebase articles that refer to possibly delayed event
> log write action - such as a person logging out of a machine, that
> information being cached but never written to disk until another action
> forces the cache flush, and when the cache is flushed, then the event is
> noted - a delayed action making it seem the event took place later than it
> did?
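
One way to follow up on the suggestion above that a service or task may be using the account, as an added example that is not part of the original thread: pair each logoff record with the logon that shares its Logon ID and read the logon type. It assumes the Security log was exported to CSV with the columns shown; 528, 540 and 538 are the Windows XP audit IDs for logon, network logon and logoff, and the sample rows and user names are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample export (not from the thread).
# Columns: time, event ID, user, Logon ID, logon type
SAMPLE = """\
2007-11-01 14:02:11,528,alice,0x3e1a7,2
2007-11-01 14:40:53,538,alice,0x3e1a7,2
2007-11-01 23:00:02,528,bob,0x51c20,4
2007-11-02 03:17:45,538,bob,0x51c20,4
2007-11-02 03:20:09,538,carol,0x2b9f4,2
"""

LOGON_EVENTS = {528, 540}   # successful logon, network logon
LOGOFF_EVENT = 538          # user logoff
LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch (scheduled task)",
               5: "service", 7: "unlock"}

def parse(text):
    """Turn the CSV export into dicts sorted by time."""
    rows = []
    for ts, eid, user, logon_id, ltype in csv.reader(io.StringIO(text)):
        rows.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                     "event": int(eid), "user": user.lower(),
                     "logon_id": logon_id.lower(), "type": int(ltype)})
    return sorted(rows, key=lambda r: r["time"])

def explain_logoffs(rows):
    """Pair every logoff with the logon sharing its Logon ID (assumed unique per boot)."""
    open_sessions, findings = {}, []
    for r in rows:
        key = (r["user"], r["logon_id"])
        if r["event"] in LOGON_EVENTS:
            open_sessions[key] = r
        elif r["event"] == LOGOFF_EVENT:
            start = open_sessions.pop(key, None)
            findings.append({
                "user": r["user"], "logoff": r["time"],
                "kind": LOGON_TYPES.get(r["type"], f"type {r['type']}"),
                "matched": start is not None,
                "duration": (r["time"] - start["time"]) if start else None,
            })
    return findings

if __name__ == "__main__":
    for f in explain_logoffs(parse(SAMPLE)):
        print(f["logoff"], f["user"], f["kind"], "matched" if f["matched"] else "NO LOGON IN EXPORT")
```

A logoff with no matching logon in the export is the record to chase: widen the exported time range and check which scheduled tasks and services are configured with that account.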