NEW改变广告帐户

S

SouthernIT

New Member
2
0
1
When our SCCM install was first configured, it was set to use the default administrator AD account. I'm wanting to divorce ourselves from this obvious security issue. I've gone through and changed the network access account and client push accounts, but I'm still seeing the administrator user pop up in my Defender for Endpoint activity logs on our Windows endpoints. I'm hoping you guys can point me in the direction of what I've missed - thanks!

Code:
Resource access: device SCCMSERVER, property Spns cifs/SCCMSERVER.domain.local Resource access: property Spns krbtgt/DOMAIN.LOCAL, user krbtgt

Both of these entries are being reported by our Windows endpoints on a regular basis.
OP
S

SouthernIT

New Member
2
0
1
  • Thread Starter
  • #3
When our SCCM install was first configured, the default "administrator" account was used for practically the entire SCCM setup (NAA, etc). Ultimately, we're trying to disable that account for security purposes. We've gone through and changed all of the accounts that SCCM uses to the best of our knowledge, but we're still seeing those above entries in our defender logs attached to that administrator user, so we'd like to figure out what we missed before we disable it.
Garth

Garth

Well-Known Member
Staff member
1,767
151
63
Exactly what accounts or services have you changed? ConfigMgr, use the local system account for just about everything. so..