Answer the question
In order to leave comments, you need to log in
K
K
korsar1822018-12-21 16:14:11
korsar182, 2018-12-21 16:14:11
How to identify the source of blocking domain accounts?
There is a suspicion that a password enumerator for domain accounts has started up on the network. In the domain controller logs, the Calling computer name field is either empty or MSTSC, there are no machines with that name on the network, of course. At the same time, information about accounts blocked by ordinary users is displayed correctly.
Are there any third-party solutions that can help identify the problem?
5 answer(s)
@chupasaurus
@Chitinets
C
chupasaurus, 2018-12-21 @chupasaurus
Network traffic monitoring (banal Netflow with a web muzzle) / IDS.
C
Chitinets, 2018-12-22 @Chitinets
I myself encountered this, the reasons were in my own stupidity - on a couple of computers, I allowed some services to start from their own account. After the planned password change of the account, these services could not log in, and, of course, the account was blocked. I found the cause with difficulty.
Similar questions
A
Alexander Kaplun2016-04-13 15:15:55
Why does the system itself change the server for replication?
1Reply
K
K
R
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question