Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Password reset itself on its own

Posted on 2007-12-04
10
518 Views
Last Modified: 2008-02-01
I am in a school district that has approx 5 servers running Server 2003. All of the servers at the same time on the same day reset their administrator passwords to 123, which I assume is the default password.
There are only 2 of us in the entire network that would know how to do this at all, and neither of us did it obviuosly.
Sounds like a virus to me, but was wondering if there was something that you guys have seen. I am not a server expert by any means.
0
Comment
Question by:RefugioISD
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 2

Accepted Solution

by:
curryajax earned 500 total points
ID: 20404889
There isn't a default password in server 2003.  If they are all on the same domain and you change the password for the administrator, it will change on all of the servers.  Sounds like somebody reset the password, or perhaps you have a password policy that insists you change the password every month or so and someone just punched in 123?
0
 
LVL 4

Expert Comment

by:oldPCguy
ID: 20405035
It sounds like you are referring to the local server Administrator accounts. If this is the case you may have a serious security problem. You will want to look at all the running processes and verify them. Run an full AV scan on all of the servers and get a good rootkit revealer. Check the system registries for run and runonce entries, etc .... basically a full security audit.
Unfortunately, schools tend to be a playground for wanna-be hackers.
0
 

Author Comment

by:RefugioISD
ID: 20405106
On the same subject, when I try to remote in using Remote Desktop Connection, I now get this error..."The remote session was disconnected becasue the local computer's client access license could not be upgraded or renewed. Please contact the server administrator."
This happened at the same time as the password reset.

curryajax - I agree that it looks like someone changed it, but no one here as a clue on how to do that except me.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Expert Comment

by:oldPCguy
ID: 20405208
Everyone that logs onto your network is a potential security threat - no matter what their knowledge level. All it takes is for someone to click a malicious web link and click yes a few times.

As far as the TS error: check out ....
http://technet2.microsoft.com/windowsserver/en/library/159e6ff8-4edb-43fd-8767-3d9858897e2c1033.mspx?mfr=true
0
 
LVL 2

Expert Comment

by:curryajax
ID: 20405233
On the remote desktop, what mode is the terminal server set to?  Per device or per cal?  If the mode is set to something different than the licensing server, it will only issue temporary licenses.

As for the password, if it's the local account then I agree with oldPCguy.  Is it a grade school?  If it's junior high or above, then I'm sure most of the kids know more about 2003 than microsoft.
0
 
LVL 2

Expert Comment

by:curryajax
ID: 20405244
0
 

Author Comment

by:RefugioISD
ID: 20405300
Im a little confused on what thing. I am talking about the District Wide administrator password. I do not know of a local password for each server box, just the domain password for the administartor.
0
 
LVL 10

Expert Comment

by:3_S
ID: 20405473
Check to see if there has been added a user to the domain admins group of your domain. If someone managed to get in that group he can change the domain administrator password. (with some kind of script or interactive)
0
 
LVL 2

Expert Comment

by:jdewaard
ID: 20407307
Are you in a domain environment or are they all just member servers?  If you are in a domain environment, are there multiple domain controllers?  Are the passwords changing consistently?  Like every Monday at 2:00 or something.

0
 
LVL 2

Expert Comment

by:jdewaard
ID: 20407341
Oh nm I guess I should have read all posts.  Check your task scheduler for any suspicious batch files.  I know that it's possible to use the netdom command to change the admin password from the command prompt.  Someone could create a batch file that changes the password and then set it to run every week or month or whatever.  
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question