Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Why this alert showing my user name in the client name fields

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Networking & Security] >> GFI EventsManager >> Why this alert showing my user name in the client name fields Page: [1]
Login
Message << Older Topic   Newer Topic >>
Why this alert showing my user name in the client name ... - 25.Jul.2008 9:47:29 AM   
mobi_khan

 

Posts: 31
Score: 0
Joined: 16.May2008
Status: offline

Hi guys I wanted to know what is excatly mean by this alert? I know that its someone Mubahsor.ismail is traing to take ownership attemp or has accessed the properties of the mentioned object, but I did not accessed this object, however there two programs GFI Event Manager and GFI LNSS which access this system but my user name is showing? Any idea??

Can I get any data to undserstadn the events generated by the GFI Event Manager? Is there some link?? If so please guide me.


Object Open:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Handle ID: 976
Operation ID: {0,246937358}
Process ID: 1252
Image File Name: D:\WINDOWS\system32\svchost.exe
Primary User Name: LOCAL SERVICE
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E5)
Client User Name: mubashir.ismail
Client Domain: SUN
Client Logon ID: (0x0,0xEB6E2A5)
Accesses:
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Query key value
Set key value
Create sub-key
Enumerate sub-keys
Notify about changes to keys
Create Link



Thanks
Post #: 1
RE: Why this alert showing my user name in the client n... - 25.Jul.2008 1:34:34 PM   
DrewE

 

Posts: 1058
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline 		Are the services that run these GFI applications running under your logon credentials?  Also, do you use these credentials within the software as "alternate credentials?"

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to mobi_khan)
Post #: 2
RE: Why this alert showing my user name in the client n... - 29.Jul.2008 9:57:56 AM   
mobi_khan

 

Posts: 31
Score: 0
Joined: 16.May2008
Status: offline 		Yes the services are running under my credetials.

No I did not use the "alternate credentials", as I have the domain admin rights so I can use my credentials to run both the GFI Event Manager and GFI LNSS

(in reply to DrewE)
Post #: 3
RE: Why this alert showing my user name in the client n... - 30.Jul.2008 8:45:07 AM   
DrewE

 

Posts: 1058
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline 		With the services running under your credentials, these events will be generated showing your user name when the software is scanning remote machines.  This is normal, and if you wish to change this behavior, you will need to change the service account our software is running as, or disable auditing of these specific registry keys.

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to mobi_khan)
Post #: 4
Page:   [1]
All Forums >> [Networking & Security] >> GFI EventsManager >> Why this alert showing my user name in the client name fields Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts