I am reviewing event logs and notice Event Class ID Security:620. The target user name is ANONYMOUS LOGON. How can I identify why the trust information was modified by this user? is there some process that runs that uses ANONYMOUS LOGON in order to update
trusts? The only somewhat relevant events I notice prior to this are Security:576 and Security:628 which are privledge and account changes for two machine accounts. Does the event Security:620 have anything to do with the fact that a computer account (ends
with $) password was set with the same timestamp of the Trusted Domain Information Modified event?
↧