I have a firewall(hardware) as well as spyware and anti-virus application. I recently adjusted my security policies to log/audit failed attempts and I saw a failed attempt from TSInternetUser, I promptly disabled this account, like the guest account, is that enough or should I delete them. I also noticed some failed attempts with eventid 681 or 529 with the username SYSTEM, this also appears in the task manager SYSTEM(username) is this a default for Windows to run tasks. I just need to know if I need to make further adjustments or if our system is being hacked. Also should the $ Shares be disabled or limited as well?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Is the system being hacked
- Thread starter CTekGirl
- Start date
Do you have IIS running on that server? If so then you have disabled the default account it uses for anonymous authentication. You will want to provide a new account for it to use.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
Most probably that is the cause, look at this link:
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question