can someone login as "NT AUTHORITY\SYSTEM "

Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to
one of our servers. I log both the failed and successful logins and both of
the above logins were used recently. Do they have passwords that can be set?
What would be the implications if I removed both of them from
"security/logins"? I'm running both the server service and agent service with
a different login so it wouldn't affect the jobs.
Thanks,
Dan D.
Hi Dan
These are the name of the accounts when you specify local system or network
service as the accounts in which a service runs under see
http://msdn2.microsoft.com/en-us/library/ms191543.aspx
John
"Dan D." wrote:

> Using SS2000 SP4. Can someone login as either NT AUTHORITY\SYSTEM or NT
> AUTHORITY\NETWORK SERVICE? I'm trying to figure out how someone got access to
> one of our servers. I log both the failed and successful logins and both of
> the above logins were used recently. Do they have passwords that can be set?
> What would be the implications if I removed both of them from
> "security/logins"? I'm running both the server service and agent service with
> a different login so it wouldn't affect the jobs.
> Thanks,
> --
> Dan D.
|||I came across an article today about how someone could log in as NT AUTHORITY
through the cmd window using the task scheduler and I got a little concerned.
Thanks for the article.
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> These are the name of the accounts when you specify local system or network
> service as the accounts in which a service runs under see
> http://msdn2.microsoft.com/en-us/library/ms191543.aspx
> John
> "Dan D." wrote:
|||Hi Dan
Could you can post a link to the article?
John
"Dan D." wrote:
[vbcol=seagreen]
> I came across an article today about how someone could log in as NT AUTHORITY
> through the cmd window using the task scheduler and I got a little concerned.
> Thanks for the article.
> --
> Dan D.
>
> "John Bell" wrote:
|||Sometimes the page doesn't render correctly. You may have to scroll down to
see the beginning of the article.
http://www.ozzu.com/ftopic1337.html
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> Could you can post a link to the article?
> John
> "Dan D." wrote:
|||Hi Dan
The article is talking about a vunerability highlighted in
http://support.microsoft.com/?kbid=823980 that can be exploited by a specific
worm, rather than something actually logging in a the account. You should
make sure that your system is patched to a level which does not have this
issue. Tools like Microsoft Baseline Security Advisor will help you configure
your systems check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx
John
"Dan D." wrote:
[vbcol=seagreen]
> Sometimes the page doesn't render correctly. You may have to scroll down to
> see the beginning of the article.
> http://www.ozzu.com/ftopic1337.html
> --
> Dan D.
>
> "John Bell" wrote:
|||Thanks. I do run the Baseline Security Analyzer.
Dan D.
"John Bell" wrote:
[vbcol=seagreen]
> Hi Dan
> The article is talking about a vunerability highlighted in
> http://support.microsoft.com/?kbid=823980 that can be exploited by a specific
> worm, rather than something actually logging in a the account. You should
> make sure that your system is patched to a level which does not have this
> issue. Tools like Microsoft Baseline Security Advisor will help you configure
> your systems check out http://msdn2.microsoft.com/en-us/library/aa302360.aspx
> John
> "Dan D." wrote:
|||Hi Dan
Hopefully you have patched this, make sure that you keep your MBSA up to date.
John
"Dan D." wrote:
[vbcol=seagreen]
> Thanks. I do run the Baseline Security Analyzer.
> --
> Dan D.
>
> "John Bell" wrote: