Finding out where the Administrator Account is used on the network
Is there a tool or any way to find out where the AD administrator Built-in account is being used on the network to authenticate?
It's been used heavily up until recently for several apps as a way of gaining say WMI access or sending mail via the SMTP server.
I'm keen to change the password but don't want to break everything.
Or Role holding server is a Windows 2008R2.
It's been used heavily up until recently for several apps as a way of gaining say WMI access or sending mail via the SMTP server.
I'm keen to change the password but don't want to break everything.
Or Role holding server is a Windows 2008R2.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1. Configure Event Forwarding.
https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2
2. Configure Advance Auditing on Clients Computers
3. Filter Event logs in DC's Event viewer, Event ID:4672 is for Special Logon
https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2
2. Configure Advance Auditing on Clients Computers
3. Filter Event logs in DC's Event viewer, Event ID:4672 is for Special Logon
Premium Content
You need an Expert Office subscription to comment.Start Free Trial