netwrix / pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time
https://www.pingcastle.com

3.1.5.0 Beta issue with rule P-AdminLogin "Administrator account has been used recently" #207

Closed mpgn closed 10 months ago

mpgn commented 10 months ago

While testing version 3.1.5.0 Beta, a rule was flagged on our domain which was not flagged on version 3.1.0.0:

The native administrator account has been used recently: 0 day(s) ago


Nevertheless, this account is not active on our side and has not been used for many years.


So maybe a regression from 3.1 :)

The version 3.1.0.0 does not report this rule.

RGAGPB commented 10 months ago

Hi, same problem for me in the latest beta (3.2 in the package name, 3.1.5 in the report): this rule keeps telling me my admin account has been used recently. I always had the problem because PingCastle was looking at lastlogontimestamp instead of lastlogon. I thought it was supposed to change with this version (the rule description talks about it btw), but I just checked and the lastlogon is indeed September 2021 on all my DCs, so there must still be a little problem 😬 Thanks!

mpgn commented 10 months ago

Fixed in the new version 3.2.0.0 beta!
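
The manual check described in this thread (reading lastLogon on every DC, since that attribute is kept per DC and not replicated, and comparing it with the replicated lastLogonTimestamp) can be scripted as below. This is an added example, not part of the original issue and not PingCastle's code; the function names `ConvertFrom-AdFileTime` and `Get-NativeAdminLogon` are hypothetical, and it assumes the RSAT ActiveDirectory module and read access to each DC.

```powershell
# Added example (not PingCastle code). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function ConvertFrom-AdFileTime([object]$Value) {
    # AD stores these as 100-ns ticks since 1601; 0 or empty means "never".
    if ($null -eq $Value -or [int64]$Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc([int64]$Value)
}

function Get-NativeAdminLogon {
    # Assumption: defaults to the domain of the current user.
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    # The native Administrator keeps RID 500 even if it has been renamed.
    $sid = '{0}-500' -f (Get-ADDomain -Identity $Domain).DomainSID.Value

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        $row = [ordered]@{ DC = $dc.HostName; LastLogon = $null
                           LastLogonTimestamp = $null; Error = $null }
        try {
            # Ask this specific DC: lastLogon differs from one DC to the next.
            $u = Get-ADUser -Identity $sid -Server $dc.HostName `
                 -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
            $row.LastLogon          = ConvertFrom-AdFileTime $u.lastLogon
            $row.LastLogonTimestamp = ConvertFrom-AdFileTime $u.lastLogonTimestamp
        } catch {
            # Keep the failure visible: a DC that was not queried may hold the newest value.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$rows = Get-NativeAdminLogon
$rows | Format-Table -AutoSize

# The real "last used" date is the newest lastLogon found on any DC.
$newest = $rows.LastLogon | Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
if ($rows.Error | Where-Object { $_ }) {
    Write-Warning 'At least one DC could not be queried; the newest lastLogon may be missing.'
}
if ($newest) {
    $age = ((Get-Date).ToUniversalTime() - $newest).TotalDays
    'Newest lastLogon on any DC: {0:u} ({1:N0} day(s) ago)' -f $newest, $age
} else {
    'No DC has recorded a logon for this account.'
}
```

If the newest per-DC lastLogon is years old while the report says "0 day(s) ago", the table gives the evidence needed to report the finding as a false positive.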