Finding out where the Administrator Account is used on the network

wannabecraig used Ask the Experts™
Is there a tool or any way to find out where the AD administrator Built-in account is being used on the network to authenticate?

It's been used heavily up until recently for several apps as a way of gaining say WMI access or sending mail via the SMTP server.
I'm keen to change the password but don't want to break everything.

Or Role holding server is a Windows 2008R2.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Manager I.T.
Top Expert 2015
1. Configure Event Forwarding.

2. Configure Advance Auditing on Clients Computers
3. Filter Event logs in DC's Event viewer, Event ID:4672 is for Special Logon


That link is for 2012, we're using 2008 R2, is it the same?


If I have other polices below the default will this cause them to stop working?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial