Domain administrator with several failed authentication attempts on DC

Rodrigo Catarino 0

Hi,

We have the "administrator" domain account disabled as the best practice says.

I have 200k+ daily failed login attempts from that user from my domain controller to the same machine.

The logon service attempt is from krbtgt/MYDOMAIN but as the account is disabled the authentication fails.

How can i validate/correct this?

Kind regards,

Rodrigo Catarino

2 answers

Dave Patrick 426.1K Reputation points MVP

2023-05-18T14:53:03.01+00:00

Do you have a screenshot?
Please sign in to rate this answer.
Rodrigo Catarino 0 Reputation points

2023-05-18T14:59:58.68+00:00

Hi,

Yes, i do have:

Dave Patrick 426.1K Reputation points MVP

2023-05-18T15:02:46.2133333+00:00

Ok, great.

Rodrigo Catarino 0 Reputation points

2023-05-18T15:07:58.3033333+00:00

were you able to see the image?
Sign in to comment
Dave Patrick 426.1K Reputation points MVP

2023-05-18T19:44:46.4766667+00:00

There may be a better method.

https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc700835(v=technet.10)?redirectedfrom=MSDN#protecting-the-administrator-account

--please don't forget to upvote and Accept as answer if the reply is helpful--
Please sign in to rate this answer.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Dave Patrick 426.1K Reputation points MVP

2023-05-21T12:30:47.4266667+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
Sign in to comment