Ok here is the situation:
The networkconsists ofa singleActive Directory domainnamedsomething.com.The domaincontainsWindowsServer 2008FileServernamedServer1.
Duringa routineSecurityAuditing, i checked thesecuritylogonServer1in EventViewer.And I discoveredthat the securitylogcontains thousandsof events thatindicatefailedattempts atlogging infrom differentcomputers using thebuilt-inAdministrator accountonServer1.Localadministrator accounthas never been used.Isuspectthat someunauthorizeduser triesto accessServer1computerusing the builtAdministrator account.
I need to protectServer1from attacks
in whichan unauthorizedusertries to use thebuilt-in(Built-in)administrator account,and at the sametime i have toensure thatusers continueto use the
Server1computer as afile server.
Question:
Whatshould I do tothe
FileServercomputer?
please explain if you can, thanks in advance.