Finding out where the Administrator Account is used on the network

wannabecraig
wannabecraig used Ask the Experts™
on
Is there a tool or any way to find out where the AD administrator Built-in account is being used on the network to authenticate?

It's been used heavily up until recently for several apps as a way of gaining say WMI access or sending mail via the SMTP server.
I'm keen to change the password but don't want to break everything.

Or Role holding server is a Windows 2008R2.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Manager I.T.
Top Expert 2015
Commented:
1. Configure Event Forwarding.
https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2

2. Configure Advance Auditing on Clients Computers
1.jpg2.jpg
3. Filter Event logs in DC's Event viewer, Event ID:4672 is for Special Logon

Author

Commented:
That link is for 2012, we're using 2008 R2, is it the same?

Author

Commented:
If I have other polices below the default will this cause them to stop working?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial