Re: Process running under Adminstrator account
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 16 Sep 2007 10:20:53 -0400
Ryan <Ryan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I disabled the administrator account for security reasons. At the
same time the event log shows failed administrator logon attempts.
Attempts repeat every 2 till 5 hours. The calling process has PID 944
which I looked up as svchost process.
This refers to the following services:
svchost.exe 944 AeLookupSvc, AppMgmt, BITS, Browser,
CryptSvc, dmserver, EventSystem,
helpsvc,
lanmanserver, lanmanworkstation,
Netman,
Nla, RasMan, RemoteAccess, Schedule,
seclogon, SENS, ShellHWDetection,
winmgmt,
wuauserv
I can not find any service that starts with Administrator account.
Does someone have any suggestions?
As Susan said, you need to re-enable it.
I don't bother to rename the admin account anymore, either. Security by
obscurity = pretty useless, as anyone trying to hack into your server is
going after the well-known SID anyway.
.
- Follow-Ups:
- Re: Process running under Adminstrator account
- From: Gregg Hill
- Re: Process running under Adminstrator account
- Prev by Date: Re: How do I merge two SMS Exchange stores...
- Next by Date: RE: client computer loses connection to server everynight
- Previous by thread: Re: Process running under Adminstrator account
- Next by thread: Re: Process running under Adminstrator account
- Index(es):
Loading
