Domain administrator with several failed authentication attempts on DC

Rodrigo Catarino 0 Reputation points
2023-05-18T14:46:25.51+00:00

Hi,

We have the "administrator" domain account disabled as the best practice says.

I have 200k+ daily failed login attempts from that user from my domain controller to the same machine.

The logon service attempt is from krbtgt/MYDOMAIN but as the account is disabled the authentication fails.

How can i validate/correct this?

Kind regards,

Rodrigo Catarino

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,600 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,214 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anonymous
    2023-05-18T14:53:03.01+00:00

    Do you have a screenshot?


  2. Anonymous
    2023-05-18T19:44:46.4766667+00:00

    There may be a better method.

    https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc700835(v=technet.10)?redirectedfrom=MSDN#protecting-the-administrator-account

    --please don't forget to upvote and Accept as answer if the reply is helpful--