As part of trying to secure up things around here, I have ran into
something that as puzzled me.
On our SQL 2000 Servers, we set the audit police in Local Security Settings
to the follow:
Audit account logon event: Success, Failure
Audit account management: Success, Failure
Audit logon events: Success, Failure
Audit object access: Success, Failure
Audit policy change: Success, Failure
Audit system events: Success, Failure
When people connect to the SQL server using Enterprise Manager, they use
the 'sa' account. (It is only 4 people here and giving them 'sa' access is
not a problem.) On two of them, when they connect to the SQL server, event
viewer records ID 529 (Login Failure: unknown user name or bad password.)
and ID 681 (The login to account.... failed.). Their windows username is
shown in the event viewer logs for these IDs. This only happens when they
use enterprise manager. It is logged in event viewer every 3
seconds. When they close enterprise manager, event viewer does not
register any more failed logons.
I have enterprise manager set to use SQL authentication. I do not use
Window profiles for SQL logins.
Any reason why this would occur? Why would their usernames by logged in
event viewer when they are using enterprise manager?
Thanks in advance for your help.
Jacob
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
