djolex Posted February 11, 2010 Posted February 11, 2010 Please help I am a network administrator for some company. The network consists of a single Active Directory domain named Linkgroup.com. The domain contains Windows Server 2008 File Server named SERVER1. During a routine Security Auditing-a, I checked the security log on SERVER1 in Event Viewer. I found that the security log contains thousands of events that indicate the unsuccessful attempts logging in from different computers using the built-in Administrator account on SERVER1. Local administrator account is never used. I suspected that the unauthorized user tries to access the computer using the built-in SERVER1 administrator account. SERVER1 must protect against attacks in which unauthorized user tries to use the embedded (built-in) administrator account, and at the same time I have to ensure that users continue to use the computer SERVER1 as the File Server. What do I need to do the File Server computer? Quote
mmthomas Posted February 11, 2010 Posted February 11, 2010 Here is a good overview of ways to protect the administrator account. You can also configure lockouts so that the account is locked out after X bad password attempts. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.