Re: Can not figure out why?



Thanks for the help.
I cannot find any scheduled task running as administrator. Why did only
this Exchange server get security event 629 and 680 every second?

Any ideas?

Thank you.

"Lanwench [MVP - Exchange]" wrote:

John <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi all,

We just renamed the built-in administrator account and got tons of
failure audits in the security log, as follows:
_______________________________________
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 3/10/2008
Time: 4:02:06 PM
User: NT AUTHORITY\SYSTEM
Computer: domain-controller-name
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: US
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: exchange-server-name
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.10.4
Source Port: 53185


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
________________________________________________

I checked all services and none of them uses the administrator account
to log on. Can anyone tell me where I should look? (BTW, we
are at Windows 2000 native level with mixed Windows 2003 & Windows
2000 DCs and a two-node A/P clustered Exchange 2003 SP2.) Did I break
anything by renaming the domain built-in administrator account?

Thank you.

Scheduled tasks? Something on another server?

Renaming the administrator account shouldn't cause problems - but don't
think it gives you any real security benefit. Any hacker worth his or her
salt is looking for the SID, not the name. I'm not a great believer in
security by obscurity.
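
One way to narrow down where such failures originate, working from a text export of the Security log: group the 529 failure audits by target account, logon type, workstation and source address. This is an added example, not part of the original thread; the sample events are constructed and the function names are illustrative.

```python
import re
from collections import Counter

FIELD = re.compile(r"^\s*([A-Za-z /]+?):[ \t]*(.*)$")   # "Name: value" lines
RULE = re.compile(r"^_{5,}\s*$", re.M)                  # underscore rule between events

def parse_events(text):
    """Return one dict of fields per event found in an exported text log."""
    events = []
    for chunk in RULE.split(text):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m and m.group(2):      # headings such as "Logon Failure:" have no value
                fields.setdefault(m.group(1).strip(), m.group(2).strip())
        if "Event ID" in fields:
            events.append(fields)
    return events

def failed_logon_sources(events, event_id="529"):
    """Count failure audits per (account, logon type, workstation, source address)."""
    tally = Counter()
    for ev in events:
        if ev.get("Event Type") == "Failure Audit" and ev.get("Event ID") == event_id:
            key = (ev.get("User Name", "?").lower(), ev.get("Logon Type", "?"),
                   ev.get("Workstation Name", "?"), ev.get("Source Network Address", "?"))
            tally[key] += 1
    return tally.most_common()

# Constructed sample export (not real log data); layout follows the event in the post.
TEMPLATE = """Event Type: {0}
Event Source: Security
Event ID: {1}
Description:
Logon Failure:
User Name: {2}
Logon Type: {3}
Workstation Name: {4}
Source Network Address: {5}
"""
ROWS = [
    ("Failure Audit", "529", "administrator", "3", "exchange-server-name", "192.168.10.4"),
    ("Failure Audit", "529", "Administrator", "3", "exchange-server-name", "192.168.10.4"),
    ("Failure Audit", "529", "jdoe", "2", "ws-example", "192.0.2.15"),
    ("Success Audit", "540", "jdoe", "3", "ws-example", "192.0.2.15"),
    ("Failure Audit", "529", "administrator", "3", "exchange-server-name", "192.168.10.4"),
]
SAMPLE = ("_" * 40 + "\n").join(TEMPLATE.format(*row) for row in ROWS)

if __name__ == "__main__":
    for key, count in failed_logon_sources(parse_events(SAMPLE)):
        print(count, *key)
```

A single workstation and address dominating the tally shows which host to examine next.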
