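windows-server-2012-r2 – How to find 462 in Windows Server 2012
Published: 2020-12-14 00:15:05 Category: Windows Source: compiled from the web
Summary: My event log has a lot of audit failures with event ID 4625 and logon type 3. Does this problem come from my server (an internal service or application)? Or is this a brute-force attack? Finally, how can I find the source of these logons and resolve the problem? Here are the details from the "General" tab: An account failed to log on.Subject: Securi
My event log has a lot of audit failures with event ID 4625 and logon type 3.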
Does this problem come from my server (an internal service or application)? Here are the details from the "General" tab:

```
An account failed to log on.

Subject:
    Security ID:                NULL SID
    Account Name:               -
    Account Domain:             -
    Logon ID:                   0x0

Logon Type:                     3

Account For Which Logon Failed:
    Security ID:                NULL SID
    Account Name:               aaman
    Account Domain:

Failure Information:
    Failure Reason:             Unknown user name or bad password.
    Status:                     0xC000006D
    Sub Status:                 0xC0000064

Process Information:
    Caller Process ID:          0x0
    Caller Process Name:        -

Network Information:
    Workstation Name:           test2
    Source Network Address:     -
    Source Port:                -

Detailed Authentication Information:
    Logon Process:              NtLmSsp
    Authentication Package:     NTLM
    Transited Services:         -
    Package Name (NTLM only):   -
    Key Length:                 0
```

**And this is detailed information in Detail Tab:**

```
+ System
  - Provider
      [ Name]  Microsoft-Windows-Security-Auditing
      [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID 4625
    Version 0
    Level 0
    Task 12544
    Opcode 0
    Keywords 0x8010000000000000
  - TimeCreated
      [ SystemTime]  2015-05-09T06:57:00.043746400Z
    EventRecordID 2366430
    Correlation
  - Execution
      [ ProcessID]  696
      [ ThreadID]  716
    Channel Security
    Computer WIN-24E2M40BR7H
    Security
- EventData
    SubjectUserSid S-1-0-0
    SubjectUserName -
    SubjectDomainName -
    SubjectLogonId 0x0
    TargetUserSid S-1-0-0
    TargetUserName aaman
    TargetDomainName
    Status 0xc000006d
    FailureReason %%2313
    SubStatus 0xc0000064
    LogonType 3
    LogonProcessName NtLmSsp
    AuthenticationPackageName NTLM
    WorkstationName test2
    TransmittedServices -
    LmPackageName -
    KeyLength 0
    ProcessId 0x0
    ProcessName -
    IpAddress -
    IpPort -
```
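I have the same kind of events on my server. There are hundreds of logon attempts with different user names, but no visible process ID or IP address.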
I am fairly sure it comes from RDP connections from the Internet without Network Level Authentication.
(Editor: 李大同)
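To check the pattern described in the question and answer above, the following added example (not part of the original post) summarizes 4625 / logon type 3 events by failure reason, workstation name and source address, and reads the local NLA setting of the RDP listener. It assumes an elevated PowerShell session on the affected server and a 24-hour look-back window; the variable names are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session on the affected server.
# Sub-status codes commonly seen in 4625 events (NTSTATUS values).
$SubStatusText = @{
    '0xc0000064' = 'User name does not exist'
    '0xc000006a' = 'User name correct, wrong password'
    '0xc0000072' = 'Account disabled'
    '0xc0000234' = 'Account locked out'
}
$since = (Get-Date).AddHours(-24)   # assumption: 24-hour look-back window

$failures = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4625; StartTime = $since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the EventData name/value pairs shown on the Details tab.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['LogonType'] -eq '3') {
            $reason = $SubStatusText[[string]$data['SubStatus']]
            if (-not $reason) { $reason = "Other ($($data['SubStatus']))" }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data['TargetUserName']
                Workstation = $data['WorkstationName']
                IpAddress   = $data['IpAddress']
                Reason      = $reason
            }
        }
    }

"Failed type 3 logons in window: $(@($failures).Count)"
"Distinct user names tried:      $(@($failures.User | Sort-Object -Unique).Count)"

# Many different nonexistent user names suggests guessing; a misconfigured
# internal service usually retries one fixed account from one host.
$failures | Group-Object Reason | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
$failures | Group-Object Workstation, IpAddress | Sort-Object Count -Descending |
    Select-Object -First 10 | Format-Table Count, Name -AutoSize

# NLA setting for the RDP listener: 1 = required, 0 = not required.
# This is the local value; Group Policy can override it.
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
"RDP UserAuthentication (NLA): $((Get-ItemProperty -Path $rdp).UserAuthentication)"
```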