No announcement yet.

disabled login attempt

  • Filter
  • Time
  • Show
Clear All
new posts

  • disabled login attempt

    Something is continuously trying to log on to my server using a disabled guest account; This happens roughly every minute or two. The source of the logon attempts is our server, so it must be some process running on the server itself. There are no services running as this user account and no scheduled jobs on the system. The task manager doesn't show any process running under this account, either. The user account's name is nowhere to be found in the Registry. But some process is trying to use it, and failing. It probably is not some critical process, as everything seems to be working fine, apart from those log entries; it could just be something that was installed long ago and forgotten there. Whatever it is, it probably is running under another user account (possibly a system one), but is actively trying to log on using those credentials, which are probably saved in some configuration file, since they're not stored in the Registry. How can I track which process is trying (and failing) those logon attempts?

  • #2
    Please post a screen capture of the relevant Event Viewer instance so we can see what it says.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2


    • #3
      You could use both Process Explorer and Process Monitor from Microsoft (formerly Sysinternals).

      Daniel Petri
      Microsoft Most Valuable Professional - Active Directory Directory Services