|Subject:||Event ID 626|
|Date:||3 Oct 2006|
We monitor our Windows Security Logs using MOM 2005. We record all 626
events where User Accounts are enabled. A lot of the data collected
includes account names (Target Account Name) that are actually the name
of workstations (e.g., ws-2884$) that have been added to the domain.
Before we filter out this traffic I was wondering if these WS additions
pose any kind of security threat and should be logged or reviewed. Any