can someone login as "NT AUTHORITY\SYSTEM "

Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access t
o
one of our servers. I log both the failed and successful logins and both of
the above logins were used recently. Do they have passwords that can be set?
What would be the implications if I removed both of them from
"security/logins"? I'm running both the server service and agent service wit
h
a different login so it wouldn't affect the jobs.
Thanks,
--
Dan D.Hi Dan
These are the name of the accounts when you specify local system or network
service as the accounts in which a service runs under see
http://msdn2.microsoft.com/en-us/library/ms191543.aspx
John
"Dan D." wrote:

> Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
> AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access
to
> one of our servers. I log both the failed and successful logins and both o
f
> the above logins were used recently. Do they have passwords that can be se
t?
> What would be the implications if I removed both of them from
> "security/logins"? I'm running both the server service and agent service w
ith
> a different login so it wouldn't affect the jobs.
> Thanks,
> --
> Dan D.|||I came across an article today about how someone could log in as NT AUTHORIT
Y
through the cmd window using the task scheduler and I got a little concerned
.
Thanks for the article.
--
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> These are the name of the accounts when you specify local system or networ
k
> service as the accounts in which a service runs under see
> http://msdn2.microsoft.com/en-us/library/ms191543.aspx
> John
> "Dan D." wrote:
>|||Hi Dan
Could you can post a link to the article?
John
"Dan D." wrote:
[vbcol=seagreen]
> I came across an article today about how someone could log in as NT AUTHOR
ITY
> through the cmd window using the task scheduler and I got a little concern
ed.
> Thanks for the article.
> --
> Dan D.
>
> "John Bell" wrote:
>|||Sometimes the page doesn't render correctly. You may have to scroll down to
see the beginning of the article.
http://www.ozzu.com/ftopic1337.html
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> Could you can post a link to the article?
> John
> "Dan D." wrote:
>|||Hi Dan
The article is talking about a vunerability highlighted in
http://support.microsoft.com/?kbid=823980 that can be exploited by a specifi
c
worm, rather than something actually logging in a the account. You should
make sure that your system is patched to a level which does not have this
issue. Tools like Microsoft Baseline Security Advisor will help you configur
e
your systems check out [url]http://msdn2.microsoft.com/en-us/library/aa302360.aspx[/url
]
John
"Dan D." wrote:
[vbcol=seagreen]
> Sometimes the page doesn't render correctly. You may have to scroll down t
o
> see the beginning of the article.
> http://www.ozzu.com/ftopic1337.html
> --
> Dan D.
>
> "John Bell" wrote:
>|||Thanks. I do run the Baseline Security Analyzer.
--
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> The article is talking about a vunerability highlighted in
> http://support.microsoft.com/?kbid=823980 that can be exploited by a speci
fic
> worm, rather than something actually logging in a the account. You should
> make sure that your system is patched to a level which does not have this
> issue. Tools like Microsoft Baseline Security Advisor will help you config
ure
> your systems check out [url]http://msdn2.microsoft.com/en-us/library/aa302360.aspx[/u
rl]
> John
> "Dan D." wrote:
>|||Hi Dan
Hopefully you have patched this, make sure that you keep your MBSA up to dat
e.
John
"Dan D." wrote:
[vbcol=seagreen]
> Thanks. I do run the Baseline Security Analyzer.
> --
> Dan D.
>
> "John Bell" wrote:
>