Please help
I am a network administrator for some company. The network consists of a single Active Directory domain named Linkgroup.com. The domain contains Windows Server 2008 File Server named SERVER1.
During a routine Security Auditing-a, I checked the security log on SERVER1 in Event Viewer. I found that the security log contains thousands of events that indicate the unsuccessful attempts logging in from different computers using the built-in Administrator account on SERVER1. Local administrator account is never used. I suspected that the unauthorized user tries to access the computer using the built-in SERVER1 administrator account.
SERVER1 must protect against attacks in which unauthorized user tries to use the embedded (built-in) administrator account, and at the same time I have to ensure that users continue to use the computer SERVER1 as the File Server.
What do I need to do the File Server computer?
I am a network administrator for some company. The network consists of a single Active Directory domain named Linkgroup.com. The domain contains Windows Server 2008 File Server named SERVER1.
During a routine Security Auditing-a, I checked the security log on SERVER1 in Event Viewer. I found that the security log contains thousands of events that indicate the unsuccessful attempts logging in from different computers using the built-in Administrator account on SERVER1. Local administrator account is never used. I suspected that the unauthorized user tries to access the computer using the built-in SERVER1 administrator account.
SERVER1 must protect against attacks in which unauthorized user tries to use the embedded (built-in) administrator account, and at the same time I have to ensure that users continue to use the computer SERVER1 as the File Server.
What do I need to do the File Server computer?
