Is someone trying to hack me?

gromack asked
165 Views
Last Modified: 2018-03-27
2008 SBS & noticing a lot of this in my event viewer.

The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT
Commented:
IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017
Commented:

Author

Commented:
Yes, running OWA...
Renaming account this far in - can/will that jack up things behind the scene?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
No one should be using the "administrator" account. Disable it. That is how Microsoft does it and that will work. Some people rename the account but we do not. No real need if the account is disabled.
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
It depends. Some sloppy admins use the administrator account to run tasks or jobs.
I would just disable the account and keep a close eye on the event logs.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
@John, I don't know where your knowledge is coming from, but Microsoft NEVER disables the Domain Administrator account by default.
It's the worst thing you can do, because this account is the only account able to recover the domain after a crash!!!!
That's why everyone is required to set an Active Directory recovery password for the domain admin.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I was thinking Local Administrator account. Our Domain Administrators are NEVER named "administrator".
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
His problem is with Small Business Server so I assume he is talking about domain administrator.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I understand that, but I just never name a Domain Administrator as "administrator". That is how we do this.
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
I second John here, the default domain administrator is always disabled and replaced by more personal admin accounts.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
I'm sorry, but you have no choice. After installation the system asks you to set a password for the ADMINISTRATOR account. You have the option to rename it after first logon; that was my suggestion!
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
@Patrick.

This is about SBS, not a local computer!!!
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
Tom, net user administrator /active:no

Next question, please.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Very smart, deactivate Domain Administrator :)
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I'm sorry but You have no choice. ....

I take your point. We set a STRONG password and do not use the account.

Server-2012-Administrator.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
John, I understand, but this is a screenshot from the LOCAL Administrator account. In SBS, Administrator is the most important account in the domain.
You can create another user and assign his account to be domain admin or enterprise admin, or you can rename the Administrator account. It's still OK, but you should not disable this account. If you do and you get a metadata error and the only way is to recover it from backup, then you are going south! Do you agree?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
The local administrator account is not disabled here. I tried to correct myself.

Any other domain admin is NEVER named "administrator" and I said that earlier.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
I said that too. So that's why I said:
It is always best practice to rename the Administrator account at the beginning of use, just after installation, because this account is the first one that hackers try to break into.

Author

Commented:
Guys, guys, haha!
In my move away from 2008 SBS & maybe even SBS overall, any pros, cons on 2016 vs 2012? I understand 2012 was the last version of SBS. Besides being 5 years old at this point, other than Exchange, I wasn't really using SharePoint or any other features that I can think of.
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Microsoft shut down the SBS project because of 2 things.
One is money... they can make a lot more money if people are required to install more than one server in a small domain (licenses).
Second, there were a lot of problems with a system where many features were installed on a single server.

Yes, your way of thinking is right. You should move away from SBS. I know it is going to be more expensive, but if your SQL server fails then you'll lose only one service, not the whole domain feature.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
We have not used SBS at any client since Server 2003.
CERTIFIED EXPERT

Commented:
Not that it really matters at this date, but I have nothing but SBS 2011 systems in place for small networks and, properly set up and maintained, they have NO problems or issues.
John TsioumprisSoftware & Systems Engineer
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Grab Netwrix Account Lockout Examiner and examine what is going on... maybe a virus is trying to get access. Also check RDP.
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
In my move away from 2008 SBS & maybe even SBS overall, any pros, cons on 2016 vs 2012?

In my opinion it is best to move to proven technology; for your question the answer is 2012 R2. In my experience this works perfectly with Exchange 2016.
Of course, as best practice, you separate domain controllers and mail servers onto different boxes.
Cris HannaSr IT Support Engineer
CERTIFIED EXPERT

Commented:
Sorry to be jumping into this question late, but I couldn't help it because of some of the bad information being given with reference to SBS specifically.

With regard to the Administrator account: ever since SBS 2003 (possibly before that, but that's longer than I can or want to remember) the "Administrator" account is disabled by default. During installation you are REQUIRED to set up a new Administrator account and strong password.

So for the author, someone may very well be trying to hack, but the actual Administrator account should be disabled. What ports do you have open/forwarded on your router/firewall? The only ports required are 25 for email and 443 for OWA and Remote Web Access. Do you have 3389 open for Remote Desktop? Close it. That's likely the culprit.

As for SBS itself... A version of SBS (2016) continues to be available even today. Server Essentials gives you many of the great features we all loved with SBS, i.e. a simple management console and Remote Web Access. And you get the added bonus of client backups. But it doesn't include Exchange, because as mentioned, Microsoft's own best practice is that Exchange should not be installed on a domain controller. But if you're using SBS 2008 then you'd be a prime candidate for Server 2016 with the Essential Server role installed. And you can virtualize this with the licenses included in Server 2016. And Office 365 for email/collaboration.

Lots of misconceptions in this post

Microsoft MVP – Windows Server for Small and Medium Business since 1997
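
The suggestion above that an open port 3389 is the likely source can be checked against the Security log. The following is an added example, not part of any answer in this thread: it tallies failed logons for the Administrator account by source address and logon type. It assumes the Security events have been exported as XML, takes event ID 4625 and its field names from the Windows event schema rather than from the thread, and runs on a constructed sample.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Logon types recorded in event 4625 (failed logon).
LOGON_TYPES = {"2": "interactive", "3": "network",
               "8": "network-cleartext", "10": "remote-interactive (RDP)"}

def make_event(event_id, user, logon_type, ip):
    """Build one constructed event in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample export; addresses come from documentation ranges.
SAMPLE = "".join(
    [make_event(4625, "Administrator", 10, "203.0.113.7")] * 3
    + [make_event(4625, "administrator", 3, "198.51.100.20")] * 2
    + [make_event(4625, "jsmith", 2, "192.168.16.25"),        # other account
       make_event(4624, "Administrator", 10, "203.0.113.7")]  # a success, skipped
)

def failed_logons(xml_events, account="administrator"):
    """Count failed logons for one account per (source address, logon type)."""
    root = ET.fromstring(f"<Events>{xml_events}</Events>")  # export has no root
    counts = Counter()
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("TargetUserName", "").lower() != account.lower():
            continue
        kind = LOGON_TYPES.get(data.get("LogonType"), data.get("LogonType"))
        counts[(data.get("IpAddress") or "-", kind)] += 1
    return counts

def rdp_sources(counts):
    """Source addresses whose failures arrived as Remote Desktop logons."""
    return sorted({ip for (ip, kind) in counts if kind == LOGON_TYPES["10"]})

if __name__ == "__main__":
    result = failed_logons(SAMPLE)
    for (ip, kind), n in result.most_common():
        print(f"{n:4d}  {ip:<16} {kind}")
    print("RDP sources:", rdp_sources(result))
```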
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
Thank you for the clarification.

Author

Commented:
John, when installing that Netwrix Account Lockout Examiner, will it require a reboot?

Author

Commented:
Also, looking at the message, I would think changing the password wouldn't do much, as if someone was trying to access it, it would just keep giving that message. Can I rename the account without any issues?
Cris HannaSr IT Support Engineer
CERTIFIED EXPERT

Commented:
Gromack
What account are you wanting to rename?   The "Administrator" should be disabled on your SBS 2008 box and you should have an account created during install that replaced the Admin Account.   Do NOT rename that account.


Cris Hanna
Microsoft MVP – Windows Server for Small and Medium Business since 1997
Walter CurtisSharePoint AED
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
This is a never ending thread ---

Original Question:

Is someone trying to hack me?

Answer: Yes, always and forever.

Some great information in this thread about how to lower the risk of the hackers being successful.

Hope you use it...
Tom CieslikIT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Gromack, you can always change the account name or the password on the account, but remember that if you change the account you must change the Display Name, alias and email address too.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Ample answers provided