this was new to me so thought I would pass it along to the group in case it saves anyone some time.
Got a call from one of the other admins and they noticed a logon by me at the same time that a service stopped. I have a remediation script that kicks off at this time, but wasn't aware it was using my admin account. So told him that's what it was and I'd take care of it. So as I dig into it, I find none of the other servers that ran the script showed a logon using my account. So now, I'm really scratching my head. So I start googling the specifics of the 540 event ID in particular the Authz part, since I wasn't sure exactly what that referred to, and I found this: http://techblog.wanierke.de/2009/09/23/service-stoppsstarted-event-id-540-logonlogoff-by-username/print It was exactly the issue in this situation. Very strange. I've never even heard of a problem like this before. fun stuff Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected] The Guardian Life Insurance Company of America www.guardianlife.com ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image/jpeg>>
