[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

Who changed my admin password?

Two days ago we found on one of my clients networks, that the Domain administrator password had been changed.    After reviewing who knows the admin password (very few people) and asking them if they may have logged in and inadvertently changed it, we've come to a dead end.    We'd like to find out HOW we can determine when and from where it was changed.   We know, from our security logs, about when it occurred, due to authentication failures coming from our barracuda spam firewall, but we need more info.  

Is anyone familliar with software or utilites that might allow us to find out how this happenned, and from what workstation or source?
0
new435
Asked:
new435
  • 2
1 Solution
 
KCTSCommented:
If you had got auditing of privilaged use enabled then you may see it in the security log - if not - you can't
0
 
new435Author Commented:
How about some of the 3rd party utilities out there?   Isn't there something that can go into AD and look at password change history?
0
 
KCTSCommented:
Too late - if they were installed PRIOR to this they might have a chance but the information cannot be recovered retrospectively.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now