I am getting the following failure audits in Event Viewer daily. And they are
coming from different computers. I have substituted [domain] for my domain
name and [computer] for the name of the computer account and [server] for the
DC that the audits are showing up on. These are "computer names"(where it
says computer) not "user names" showing up, and what is funny there all
appended with the $ sign.
Also the accesses are different for each event. One may be "create child"
and another will be "write property".
Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date: 11/8/2004
Time: 11:26:36 AM
User: DOMAIN\COMPUTER$
Computer: SERVER
Description:
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: dnsZone
Object Name: DC=domain.com,CN=MicrosoftDNS,CN=System,DC=domain, DC=com
Handle ID: -
Primary User Name: SERVER$
Primary Domain: DOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: COMPUTER$
Client Domain: DOMAIN
Client Logon ID: (0x0,0xBB68EEC)
Accesses: Create Child
Properties:
---
dnsNode
Additional
Info: DC=computer,DC=domain.com,cn=MicrosoftDNS,cn=Syste m,DC=domain,DC=com
Additional Info2: %{78f228f4-d7d5-4f40-8d2f-66fb0f3cc9f0}
Access Mask: 0x1
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Similar Threads
Linear Mode
