> There are chances that someone already knows your password, > and that he > uses a security hole of Windows 2000 to log into your machine without > leaving any logon/logoff traces in the Security log! [snip] > Because the locking of the machine creates no Security event > by design, a > local attacker can use this hole to log onto a locked machine > and lock this > machine again (when he is done), without leaving logon/logoff > traces of his > successful break in in the Security log! This does not repro on my XP Pro system. When I lock and unlock the system, it creates events in the security events IF I have logon auditing enabled. I haven't had time to test against Windows 2000. And, BTW, if someone already knows your password, this should be the least of your worries.
