Are there any knowledgebase articles that refer to possibly delayed event
log write action - such as a person logging out of a machine, that
information being cached but never written to disk until another action
forces the cache flush, and when the cache is flushed, then the event is
noted - a delayed action making it seem the event took place later than it
did?
In article <701CC355-462C-424E-A2C8-058B632EC632.RemoveThis@microsoft.com>,
Dave Patrick <DSPatrick.RemoveThis@nospam.gmail.com> wrote:
>Take a look at all automatic scheduled processes.
>
>--
>
>Regards,
>
>Dave Patrick ....Please no email replies - reply in newsgroup.
>Microsoft Certified Professional
>Microsoft MVP [Windows]
>http://www.microsoft.com/protect
>
>"Scott Ehrlich" wrote:
>>
>> I have a Windows XP w/SP2 machine on an isolated LAN, with a Linux server
>> acting as a Samba NT 4 PDC.
>>
>> A review on the Windows machine's event viewer revealed a user's account
>> that only had a logout entry and a very unusual hour. Just before that
>> entry, someone else had logged in and logged out, but several hours
>> beforehand.
>>
>> I keep very tight controls on the systems, and I'm the only one with
>> Admin/root rights.
>>
>> What might be the cause of that unusual entry?
>>
>> Thanks for any insights.
>>
>> Scott
> >> Stay informed about: Help with Event Viewer timetamp for login/logout? 
FAQ
Profile
Private Messages
Log in
Win 2000/NT/98/ME