Hello, I have been using the logonsessions utility (Sysinternal's one) on a domain controller (Windows 2003). I see several logon sessions where the account name is: <DOMAIN>\<COMPUTER>$ and the SID is S-1-5-18. (Alternatively I use LsaEnumerateLogonSessions and LsaGetLogonSessionData with same results). My questions are: A. I know the Sid of this account is different and the SID is representing the NT AUTHORITY\SYSTEM account. Is there anyone who can explain the conflict? B. Where are those session are coming from? Which component initiates these? Thanks in advance, Ahaz
