I was horrified to come in to work yesterday and, on checking the security logs, find attempted logons as administrator, and then guest (which is disabled). This is the first time this has happened.
What I did was look at the firewall logs and marry up the IP addresses with the W2K server event log, look up the IP address and report the attempts to the person's ISP.
I did try changing the administrator account name, but I had crashes and server freezes so am reluctant to try again. I used the policies too. I wonder if there are any other steps I can take to harden the server.
Thanks
Kathy