|
|
|
Forum Newbie
Group: Forum Members
Last Login: 12/30/2016 3:01:09 PM
Posts: 1,
Visits: 0
|
|
| We had an administrative user leave the company, but I still get logon failures every minute. having a fabulous time trying to narrow down the Application or Service that is trying to run under this disabled user's credentials. I have combed through the list of Services and do not see one that is running under the mystery account. I have enabled auditing of failed authentications, but this does not give any clues as to what Application or Service is making the call. Any suggestions as to the best way to target the App that is making the calls so that I can update the security context etc?
|
|
|
|
|
Supreme Being
Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 196,
Visits: 0
|
|
| Have you identified the workstation that the login failures are originating from? I would start by looking at the 4771 client address.
|
|
|
|