Something is continuously trying to log on to my server using a disabled guest account; This happens roughly every minute or two. The source of the logon attempts is our server, so it must be some process running on the server itself. There are no services running as this user account and no scheduled jobs on the system. The task manager doesn't show any process running under this account, either. The user account's name is nowhere to be found in the Registry. But some process is trying to use it, and failing. It probably is not some critical process, as everything seems to be working fine, apart from those log entries; it could just be something that was installed long ago and forgotten there. Whatever it is, it probably is running under another user account (possibly a system one), but is actively trying to log on using those credentials, which are probably saved in some configuration file, since they're not stored in the Registry. How can I track which process is trying (and failing) those logon attempts?
Login or Sign Up
- Log in with