I recently changed the Admin password. and i know notice that badpassword attempts are happerning ever few seconds
I know which server is casuing the lockout due to event manager, but no idea how to find out whats causing it.
no MIS staff use this acocunt. no services are used with it, no scheduled tasks etc
how do you go about tracing the source thats locking the account out?
putthe password back to its old one and it stops logging bad passwords. I do have trusts setup they dont hold passwod info (or do they?)
backup exec, and Symantec AV are also in use but no links to Admin password (that i know of)