Domain administrator with several failed authentication attempts on DC

Rodrigo Catarino 0 Reputation points
2023-05-18T14:46:25.51+00:00

Hi,

We have the "administrator" domain account disabled as the best practice says.

I have 200k+ daily failed login attempts from that user from my domain controller to the same machine.

The logon service attempt is from krbtgt/MYDOMAIN but as the account is disabled the authentication fails.

How can i validate/correct this?

Kind regards,

Rodrigo Catarino

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anonymous
    2023-05-18T14:53:03.01+00:00

    Do you have a screenshot?


  2. Anonymous
    2023-05-18T19:44:46.4766667+00:00

    There may be a better method.

    https://learn.microsoft.com/en-us/previous-versions/tn-archive/cc700835(v=technet.10)?redirectedfrom=MSDN#protecting-the-administrator-account

    --please don't forget to upvote and Accept as answer if the reply is helpful--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.