system from domain is making many attempts to access the administr

G

Guest

Good morning.

One of my W2K server captured in the security log the following error
message before hanging up today:

A system belonging to the "X" domain many attempts to access the
administrator account.

Why this is happening? Does renaming the administrator account will avoid
this issue?

The server is using the latest antivirus releases.

Thanks a lot for your fast response,

Regards,

Juan
 
R

Roger Abell [MVP]

Any exposed system will pick these up, and with Administrator renamed the
dumber probbots hop on off elsewhere.
Exposure can be to a compromised internal machine.
In higher exposures on the open net you will find probware that exhibits
adaptability in its attemps at use of names collected in your near net, or
if you have leaked enumerabilities, it attempts only (likely and/or) key
names.
As long as you audit success to warrantee the attempts fail, a hardened
system (includes pwd quality) can travel the open net unchanged.
Getting a firewall and managing it is what you need for that W2k (assuming
the origin is not a sick internal machine). You could use IPsec if you're
tech oriented on this (or alternatively just buying an upgrade could cure a
few things, including firewall).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User can't access the server 1
Domain is very slow to login 1
domain account no access to network drive from vista 1
The Local Policy of This System Does Not Permit You to Logon Interactively 5
How do I rename an XP Pro user name connected to a Domain without renaming the account on the server 5
Access to the path .... is denied 11
Domain is very slow to login 6
Removed user from one domain and added to another. Notebook is in old domain 2

Top