我似乎在安全事件查看器中收到了很多这样的条目。每小时大约 8-12 条。我想知道 a) 我应该担心它吗?或者 b) 到底发生了什么,有人能帮忙吗?
Type: Success Audit
Source: Security
Category: Logon/Logoff
User: Network Service or IUSR_WIN2003
Logon attempt using explicit credentials:
Logged on user:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon GUID: -
User whose credentials were used:
Target User Name: IUSR_WIN2003
Target Domain: WILDEBB1
Target Logon GUID: -
Target Server Name: localhost
Target Server Info: localhost
Caller Process ID: 13224
Source Network Address: -
Source Port: -
此外,就在录制完这个之后,iis 停止接受连接,我不得不重新启动服务器。与这个的区别在于登录过程使用了 ADVAPI...
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 05/06/2012
Time: 13:59:10
User: WILDEAA1\IUSR_WIN2003
Computer: WILDEAA1
Description:
Successful Network Logon:
User Name: IUSR_WIN2003
Domain: WILDEAA1
Logon ID: (0x0,0x5FDB22D)
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: WILDEAA1
Logon GUID: -
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 13224
Transited Services: -
Source Network Address: -
Source Port: -
答案1
IUSR 帐户是安装 IIS 时创建的匿名用户帐户。您在该服务器上运行任何网站吗?每当 IIS 尝试为匿名用户登录帐户时,您都会看到登录事件。