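I have a Windows Server 2008 machine with a shared folder on it. When I try to access the shared folder from inside the network, I get the following audit failure: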
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: laurentiu
Account Domain: WIN-CS9MB57MU5H
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: WIN-CS9MB57MU5H
Source Network Address: 13.211.*.*
Source Port: 49198
Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2018-11-02T10:16:34.478335100Z" />
<EventRecordID>63334</EventRecordID>
<Correlation />
<Execution ProcessID="680" ThreadID="728" />
<Channel>Security</Channel>
<Computer>WIN-CS9MB57MU5H</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">laurentiu</Data>
<Data Name="TargetDomainName">WIN-CS9MB57MU5H</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2304</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName" />
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">WIN-CS9MB57MU5H</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">13.211.*.*</Data>
<Data Name="IpPort">49198</Data>
</EventData>
</Event>
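The machine is up to date and the credentials are 100% valid; even the administrator account does not work.
Does anyone know how I can get this working?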
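Answer 1
Make sure the computer is properly joined to the domain and that local credentials are not being used.
In the audit:
Account Domain: WIN-CS9MB57MU5H
And in the audit, for the source:
Workstation Name: WIN-CS9MB57MU5H
As you can see, it is using a local account. If you are in a workgroup, this is normal behavior, but it means the user laurentiu needs to be created on that remote computer with the same credentials.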
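The check this answer performs by eye (Account Domain equal to Workstation Name) can be scripted over exported 4625 events. The following is an added example, not part of the original question or answer: the function name `triage_4625` and the result keys are hypothetical, and the sample XML is a constructed, trimmed copy of the event quoted in the question.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Well-known NTSTATUS values that show up in the Status/SubStatus fields of 4625.
STATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE (bad user name or authentication information)",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}

# Constructed sample: trimmed copy of the event from the question (IP masked as posted).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><Computer>WIN-CS9MB57MU5H</Computer></System>
  <EventData>
    <Data Name="TargetUserName">laurentiu</Data>
    <Data Name="TargetDomainName">WIN-CS9MB57MU5H</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">WIN-CS9MB57MU5H</Data>
    <Data Name="IpAddress">13.211.*.*</Data>
  </EventData>
</Event>"""

def triage_4625(xml_text):
    """Summarise one failed-logon event and flag use of a local account."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        raise ValueError("not a 4625 (failed logon) event")
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    status = int(data.get("Status", "0x0"), 16)
    logon_type = int(data.get("LogonType", "0"))
    domain = data.get("TargetDomainName", "")
    workstation = data.get("WorkstationName", "")
    return {
        "user": data.get("TargetUserName", ""),
        "status": STATUS.get(status, f"0x{status:08x}"),
        "logon_type": LOGON_TYPES.get(logon_type, str(logon_type)),
        "package": data.get("AuthenticationPackageName", ""),
        "source": data.get("IpAddress", ""),
        # Same test as the answer: the account domain is a machine name,
        # so the client offered a local account rather than a domain one.
        "local_account": bool(domain) and domain.upper() == workstation.upper(),
    }

if __name__ == "__main__":
    for key, value in triage_4625(SAMPLE_EVENT).items():
        print(f"{key:14} {value}")
```
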