Do you have a screenshot?
Domain administrator with several failed authentication attempts on DC

Rodrigo Catarino
0
Reputation points
Hi,
We have the "administrator" domain account disabled as the best practice says.
I have 200k+ daily failed login attempts from that user from my domain controller to the same machine.
The logon service attempt is from krbtgt/MYDOMAIN but as the account is disabled the authentication fails.
How can i validate/correct this?
Kind regards,
Rodrigo Catarino
2 answers
Sort by: Most helpful
-
-
Dave Patrick 354.3K Reputation points MVP
2023-05-18T19:44:46.4766667+00:00 There may be a better method.
--please don't forget to
upvote
andAccept as answer
if the reply is helpful--