logon/logoff event 529 every 5 minutes

I reset the domain administrator password a few days ago and now I see the
following event occurring every 5 minutes in the security event list.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 4/11/2006
Time: 4:20:00 PM
User: NT AUTHORITY\SYSTEM
Computer: SBS
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: BIGAGIS
Logon Type: 4
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SBS
Caller User Name: SBS$
Caller Domain: BIGAGIS
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1700
Transited Services: -
Source Network Address: -
Source Port: -

The process id 1700 is svchost.exe. I can't tell exactly where to make an
update to keep this event from happening.

Please advise if there is anything I can do to stop this. We are using SBS
2003 Premium.

Thanks!

 

Open a command prompt on the SBS and type "tasklist /svc" without the
quotes. Scroll the list until you find the instance of svchost that's
associated with PID 1700, and it'll tell you what application it is.

When you change the password, you usually have to scroll the list in
Services to see what's logging on as Administrator and change it there as
well. Also the Scheduled Tasks.

 

Thank you Dave! I found it. It was a scheduled task.

Shelly Campbell