We have a monitoring system that emails us based on certain events. I see early in the morning when Spiceworks scans, we get alerts from certain servers showing the local administrator account is being locked out.
Spiceworks seems to try every single credential listed in our WMI credentials setting. Is there a place to go to specify credentials for particular servers?
It does inventory things ok because after it can’t login with COMPUTERNAME\Administrator, it is successfully able to connect via DOMAIN\adminacct
It’s also trying username “TEMP” once in awhile.
@Spiceworks
4 Spice ups
welcome to the club!, since the release of 7.0 we have this problem, SW had that feature in 6 but they took it out on 7, but i think they are working on bringing back that feature because the new way to use the credentials are good for some scenarios (quick scan) but bad with others (like yours one some of mine) . hope they finally put it back since we have long waited for it
Hey thanks for the reply. Sorry your running into the same problem, but I’m glad its not just me then!
We don’t use local administrator accounts anyway. We use domain accounts, or if the server is on the DMZ or internet facing, its Administrator account has been renamed or we use a different account.
Its really more of an issue that we are getting alerts from our Log and Event manager. We use these alerts because we want to keep track when real users lock themselves out, or monitor for potential suspicious activity.
I’m just checking in if there are any updates to this problem.
We still just ignore the daily local administrator locked out email’s we get from our Log and Event system. But to help declutter the noise, is there any way in the latest spiceworks to tell it NOT to try a “local admin” account?
