what about: *mstsc /v:servername /console j * Troy Murray wrote: > I was wrong, Remote Desktop on XP uses Type 10, while in 2000 it > would use Type 2. The only other mention I found producing this error > was logging in through a KVM IP switch. I don't suppose that > workstation has had one of those installed. > > http://www.windowsecurity.com/articles/Logon-Types.html > > -t > > On 12/20/05, * David K McFarlane* <[log in to unmask] > <mailto:[log in to unmask]>> wrote: > > Steve, > > > Sounds like you might possibly have a rootkit of some sort on > the workstation. In that case the following sites have great > resources for detecting many of the more well known rootkits: > > > > http://www.systernals.com (RootkitRevealer, ProcExp, TCPView) > > Thanks. I tried RootkitRevealer, it found nothing. I have not > tried the > other tools yet. > > But back to the question: Could a rootkit allow an attacker to > log in over > the network and yet have it show up as a console logon in the > security log? > This is really a question about the Windows security log and what > it means. > > -- David McFarlane > Systems Designer > Michigan State University, Dept. of Psychology > [log in to unmask] <mailto:[log in to unmask]> > > > > > -- > Troy D Murray > Blog: http://troymurray.blogspot.com/