RefugioISD
asked on
Password reset itself on its own
I am in a school district that has approx 5 servers running Server 2003. All of the servers at the same time on the same day reset their administrator passwords to 123, which I assume is the default password.
There are only 2 of us in the entire network that would know how to do this at all, and neither of us did it, obviously.
Sounds like a virus to me, but was wondering if there was something that you guys have seen. I am not a server expert by any means.
ASKER
On the same subject, when I try to remote in using Remote Desktop Connection, I now get this error: "The remote session was disconnected because the local computer's client access license could not be upgraded or renewed. Please contact the server administrator."
This happened at the same time as the password reset.
curryajax - I agree that it looks like someone changed it, but no one here has a clue on how to do that except me.
Everyone that logs onto your network is a potential security threat - no matter what their knowledge level. All it takes is for someone to click a malicious web link and click yes a few times.
As far as the TS error: check out ....
http://technet2.microsoft.com/windowsserver/en/library/159e6ff8-4edb-43fd-8767-3d9858897e2c1033.mspx?mfr=true
On the remote desktop, what mode is the terminal server set to? Per device or per cal? If the mode is set to something different than the licensing server, it will only issue temporary licenses.
As for the password, if it's the local account then I agree with oldPCguy. Is it a grade school? If it's junior high or above, then I'm sure most of the kids know more about 2003 than Microsoft.
ASKER
I'm a little confused on what thing. I am talking about the District Wide administrator password. I do not know of a local password for each server box, just the domain password for the administrator.
Check to see if a user has been added to the Domain Admins group of your domain. If someone managed to get into that group, he can change the domain administrator password (with some kind of script or interactively).
Are you in a domain environment or are they all just member servers? If you are in a domain environment, are there multiple domain controllers? Are the passwords changing consistently? Like every Monday at 2:00 or something.
Oh nm I guess I should have read all posts. Check your task scheduler for any suspicious batch files. I know that it's possible to use the netdom command to change the admin password from the command prompt. Someone could create a batch file that changes the password and then set it to run every week or month or whatever.
Unfortunately, schools tend to be a playground for wanna-be hackers.
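Added example, not part of the original thread: one way to carry out the scheduled-task check suggested above is to export each server's tasks with `schtasks /query /fo csv /v` and triage the output offline. The script assumes the `HostName`, `TaskName` and `Task To Run` columns of that export; the sample rows, host names and paths are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of `schtasks /query /fo csv /v` output, trimmed to the
# columns used here. Hosts, task names, accounts and paths are made up.
SAMPLE = r'''"HostName","TaskName","Task To Run","Run As User"
"SRV1","Nightly Backup","C:\WINDOWS\system32\ntbackup.exe backup @C:\jobs\full.bks","DISTRICT\backupsvc"
"SRV1","At1","C:\WINDOWS\Temp\upd.bat","NT AUTHORITY\SYSTEM"
"SRV2","Maint","cmd.exe /c net user administrator <redacted>","DISTRICT\Administrator"
'''

# Tasks that launch a script file deserve a manual look at the script itself.
SCRIPT_EXT = re.compile(r'\.(?:bat|cmd|vbs|js)\b', re.I)
# Commands that can change account passwords from a command prompt.
ACCOUNT_CMD = re.compile(r'\b(?:net1?(?:\.exe)?\s+user|netdom)\b', re.I)


def flag_tasks(csv_text):
    """Return (host, task, command, reasons) for tasks worth reviewing."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Exports concatenated from several servers repeat the header row.
        if row.get("TaskName") == "TaskName":
            continue
        command = row.get("Task To Run") or ""
        reasons = []
        if SCRIPT_EXT.search(command):
            reasons.append("runs a script file")
        if ACCOUNT_CMD.search(command):
            reasons.append("invokes an account-management command")
        if reasons:
            findings.append(
                (row.get("HostName"), row.get("TaskName"), command, reasons)
            )
    return findings


if __name__ == "__main__":
    for host, task, command, reasons in flag_tasks(SAMPLE):
        print(f"{host}: {task!r} -> {command} ({'; '.join(reasons)})")
```

A flagged task is only a lead: open the referenced script and compare the task's creation time with the time the passwords changed.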