[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 185
  • Last Modified:

Server 2003 Administrator Password Question

Where can I look in Small Business Server 2003 to see if and when the administrator password has been changed?  Thanks.
2 Solutions
Rich RumbleSecurity SamuraiCommented:
https://www.microsoft.com/technet/security/prodtech/windows2000/secwin2k/swin2k09.mspx Event 627 and 628
User account password changed. The modification of a password by someone other than the user can indicate that an account has been taken over by another user. Look for Event IDs 627 and 628 which indicate that a password change is attempted and is successful. Review the details to determine whether a different account performed the change, and whether the account is a member of the help desk or other service team that resets user account passwords.

Copy acctinfo.dll into the system32 folder on the SBS and register it (regsvr32.exe %systemroot%\system32\acctinfo.dll). Start the ADUC console, and you'll notice a new tab in the user properties, "Additional Account Info". Among other useful information, you'll find the date when the password was last set.
Account Lockout and Management Tools

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now