事件查看器windows 2003中的大量登录/注销事件
事件查看器windows 2003中的大量登录/注销事件
提问于 2012-06-06 05:42:34
我似乎在安全事件查看器中获得了很多这样的条目。每小时8到12点左右。我想知道我是否应该为此担心?(二)究竟是怎么回事,有人能帮忙吗?
Type: Success Audit
Source: Security
Category: Logon/Logoff
User: Network Service or IUSR_WIN2003
Logon attempt using explicit credentials:
Logged on user:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon GUID: -
User whose credentials were used:
Target User Name: IUSR_WIN2003
Target Domain: WILDEBB1
Target Logon GUID: -
Target Server Name: localhost
Target Server Info: localhost
Caller Process ID: 13224
Source Network Address: -
Source Port: -而且,就在这一次被录制之后,iis停止了接受连接,我不得不重新启动服务器。与此不同的是,登录过程使用ADVAPI.
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 05/06/2012
Time: 13:59:10
User: WILDEAA1\IUSR_WIN2003
Computer: WILDEAA1
Description:
Successful Network Logon:
User Name: IUSR_WIN2003
Domain: WILDEAA1
Logon ID: (0x0,0x5FDB22D)
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: WILDEAA1
Logon GUID: -
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 13224
Transited Services: -
Source Network Address: -
Source Port: -回答 1
Server Fault用户
回答已采纳
发布于 2012-06-06 07:48:28
IUSR帐户是在安装IIS时创建的匿名用户帐户。你在那个服务器上运行网站吗?每当IIS试图为匿名用户登录帐户时,您都会看到登录事件。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/395961
复制相关文章
相似问题
腾讯云开发者
