When you audit logons, and have the welcome screen enabled on your Windows XP Professional, you may record
Security events
that are similar to:
Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: date Time: time User: NT AUTHORITY\SYSTEM Computer: <Computer Name> Description: Logon Failure Reason: Unknown user name or bad password User Name: <User Name> Domain: <Computer Name> Logon Type: 2 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: <Computer Name> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 680 Date: date Time: time User: NT AUTHORITY\SYSTEM Computer: <Computer Name> Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: <User Name> Source Workstation: <Computer Name> Error Code: 0xC000006A For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Success Audit Event Source: Security Event Category: Account Logon Event ID: 680 Date: date Time: time User: NT AUTHORITY\SYSTEM Computer: <Computer Name> Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: <User Name> Source Workstation: <Computer Name> Error Code: 0x0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Windows XP performs a limited logon for each account that is listed on the Welcome screen, so it will knows whether to prompt for a password.
If you don't want these events, disable the Welcome screen and use the Classic logon screen, or turn off auditing of logon/logoff events:
1. Start / Run / gpedit.msc / OK.
2. Navigate to Local Computer Policy \ Computer Configuration \ Windows Settings \ Security Settings \ Local Policy \ Audit Policy
3. Double-click Audit logon events and clear the Success and Failure boxes.
4. Press OK.
0 comments
Hide comments
