Hello,
I need to find all the workstation / server where the domaine administrator builtin account is used (scheduled task, service account, ...).
What is the best method to do it ?
I just know security event viewer with 4624 ID and I can modify the size to archive it and collect data from 1 or 2 week and with powershell find all the computer where this account is used.
Is there any other possibility to find it ?