G
GM1997_601
Every time I login into my personal computer, I see an event ID 4723 with a timestamp of few minutes after logging in.
For example, I logged in at 6:01 PM and saw the event logged at 6:03 PM.
The event is as follows:
An attempt was made to change an account's password.
Subject:
Security ID: SYSTEM
Account Name: MyDesktop$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Target Account:
Security ID: MyDesktop\DefaultAccount
Account Name: DefaultAccount
Account Domain: MyDesktop
Additional Information:
Privileges -
I have not made any changes to any passwords. This is followed by an audit failure event 4625. This happens a couple times every time I log in and then stops.
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: MyDesktop$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 2
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: DefaultAccount
Account Domain: MyDesktop
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x190
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: MyDesktop
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Can any one help me figure out what is going on? Thank you
Continue reading...
For example, I logged in at 6:01 PM and saw the event logged at 6:03 PM.
The event is as follows:
An attempt was made to change an account's password.
Subject:
Security ID: SYSTEM
Account Name: MyDesktop$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Target Account:
Security ID: MyDesktop\DefaultAccount
Account Name: DefaultAccount
Account Domain: MyDesktop
Additional Information:
Privileges -
I have not made any changes to any passwords. This is followed by an audit failure event 4625. This happens a couple times every time I log in and then stops.
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: MyDesktop$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 2
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: DefaultAccount
Account Domain: MyDesktop
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x190
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: MyDesktop
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Can any one help me figure out what is going on? Thank you
Continue reading...