Security Basics mailing list archives

Re: Failed admin logins

From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 19 Nov 2004 11:01:27 +0000

Is auditing enabled (or possible)? By auditing failed attempts, then
checking the logs in the event viewer, it should lead you right to the
source.

--
Peace. ~G


On Thu, 18 Nov 2004 13:30:33 -0500, Joe Quigley
<jquigley () iir-central com> wrote:

Hello,

I have a machine that is trying to log in as the domain administrator
but can't figure out what application/service is doing it. I've checked
all the services that login as administrator (yes, very bad idea to use
admin for services, I inherited this setup) but that does not seem to be
the problem as the services start. I even retyped the password in the
services applet just to be sure. Anyone have any thoughts on how to
track down the source of this rogue login??

Thanks in advance,

Joe

Current thread:

Failed admin logins Joe Quigley (Nov 19)
- Re: Failed admin logins GuidoZ (Nov 19)
- <Possible follow-ups>
- RE: Failed admin logins Handy, Mark (IT) (Nov 19)
- RE: Failed admin logins McKee, Graydon (Nov 22)
  - RE: Failed admin logins Burton M. Strauss III (Nov 23)