  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 877

Conficker infection on Server 2003 with AD

I think I already know the answer to this but I wanted to check with some experts first.

I recently found out that my Windows 2003 box is infected with the Conficker virus.  I have Active Directory on that server with a few hundred users.

I am going to be migrating over to a new server immediately to get this infected server offline.

I have made daily backups of my System State both before and after the infection.

Ideally, I'd like to be able to restore one of my System state backups to my new server so I don't have to manually enter in all of those users again.
My question and concern is if I can use one of these System State backups and restore it to my new server without infecting my new server with the Conficker virus.

Does a Conficker infection affect the files of a System state Backup?
If the answer to the above question is yes, then I have another plan. I also have System State backups that were made last week (Before the Conficker infection). I could use one of these to restore my AD objects -- however when these backups were made, I was running Windows Server 2003 SP 1. I want to patch my new server to Windows Server 2003 SP 2, but would I need to first restore this System State backup SP 1 before I patched my new server to SP 2, or would it not matter?

Thanks,

Mike
Asked by: michaelshavel
1 Solution
speshalyst commented:
I would suggest that you restore the SS backup from before the infection.
And yes, you would have to be patched up to SP1, do the restore, then patch up to SP2.
Mike Kline commented:
Is this your only Domain Controller?
Have you tried removing conficker?
http://support.microsoft.com/kb/962007
 
Thanks
Mike
michaelshavel (Author) commented:
mkline

Yes, this is my only DC.
Removing it isn't possible.
Americom commented:
This virus is removable. Why not just clean it?
michaelshavel (Author) commented:
Someone I know just suggested replicating the old server to the new server. Any opinions about that?
Mike Kline commented:
What they are suggesting is dcpromo the new server and let AD replicate.  That is also another way to get AD on your new server.  Also make the new server DNS and a GC.  That would be easy for you.
When this is all said and done try your best to get your boss to let you get another domain controller.  Running with only one domain controller is very risky.
Thanks
Mike
zelron22 commented:
Yeah, I'd build the new server, patch it, put antivirus on it, let it replicate with the other server, and then remove the other server (transferring DNS, FSMO, GC, etc. first before demoting it).
michaelshavel (Author) commented:
Thanks Mk.
Why is running with only one DC risky?
m
Mike Kline commented:
Actually now that I think of it once you transfer everything over to the new DC you can then dcpromo and wipe that old box, then reinstall windows and promote that box to be your second domain controller
If you are running AD integrated DNS now you just install DNS on the new box and after the dcpromo DNS will replicate.
Make sure the clients are also pointing to the new DC for DNS (DHCP and static clients)
So did you try to remove conficker and that failed?
Thanks
Mike
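As an added example (not code from anyone in this thread), a PowerShell pre-flight check for the step zelron22 and Mike Kline describe: confirm that all five FSMO roles and the Global Catalog are on the new DC before the infected one is demoted. The server name NEWDC01 is a placeholder; everything else is read from RootDSE and the fSMORoleOwner attributes that AD itself maintains.

```powershell
# Pre-demotion check: are all FSMO roles and the GC on the new DC?
# Run on a domain-joined box as a domain admin. NEWDC01 is a placeholder.
$NewDC = "NEWDC01"

$rootDse  = [ADSI]"LDAP://RootDSE"
$domainNC = $rootDse.defaultNamingContext.ToString()
$configNC = $rootDse.configurationNamingContext.ToString()
$schemaNC = $rootDse.schemaNamingContext.ToString()

# Each role is recorded in the fSMORoleOwner attribute of one well-known object.
$roleObjects = @{
    "PDC Emulator"   = "LDAP://$domainNC"
    "RID Master"     = "LDAP://CN=RID Manager$,CN=System,$domainNC"
    "Infrastructure" = "LDAP://CN=Infrastructure,$domainNC"
    "Schema Master"  = "LDAP://$schemaNC"
    "Domain Naming"  = "LDAP://CN=Partitions,$configNC"
}

$ok = $true
foreach ($role in $roleObjects.Keys) {
    # fSMORoleOwner is the DN of the owner's NTDS Settings object:
    #   CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
    # so the second RDN is the owning DC's name.
    $ownerDn = ([ADSI]$roleObjects[$role]).fSMORoleOwner.ToString()
    $owner   = ($ownerDn -split ",")[1] -replace "^CN="
    if ($owner -ieq $NewDC) { $status = "OK" } else { $status = "MOVE"; $ok = $false }
    "{0,-15} {1,-16} {2}" -f $role, $owner, $status
}

# A DC advertises isGlobalCatalogReady=TRUE in its RootDSE once its GC
# partitions have finished replicating; before that it is not a usable GC.
$gcReady = ([ADSI]"LDAP://$NewDC/RootDSE").isGlobalCatalogReady.ToString()
"{0,-15} {1,-16} {2}" -f "Global Catalog", $NewDC, $gcReady
if ($gcReady -ne "TRUE") { $ok = $false }

if ($ok) { "All roles and the GC are on $NewDC; the old DC can be demoted." }
else     { "STOP: transfer the roles marked MOVE and/or wait for the GC first." }
```

`netdom query fsmo` gives the same role list from the command line; this script just adds the GC check and a single go/no-go verdict.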
Mike Kline commented:
Why is running with only one DC risky?
Think about a situation if that DC went down hard with a major hardware problem or something like that and now your entire domain is gone and your clients can't authenticate.  
Doing a domain recovery in that situation is going to be a pain.
Now think about the same situation if you had a second DC.  Your clients wouldn't even notice because the second DC would authenticate them.  You fix the downed server and you are good to go.
Thanks
Mike
Americom commented:
It's always good to have 2 or more DCs. There are just too many ways you could lose your DC for an unacceptable duration, like system board failure, or an unexpected crash due to power failure that leads to a major hardware failure and data corruption, etc. Even if you don't have the budget for a decent DC, you could at least create a VM or even use an inexpensive PC to act as another DC; that would be better than just one DC.
Ron Malmstead (Information Services Manager) commented:
I would attempt to clean the virus first, before messing around with migration and all that jazz.

I certainly wouldn't want to be in a situation with only one DC.  Not to mention you have a virus wreaking havoc at the same time you want to migrate AD? Not a good idea.

Conficker is removable, and there are patches.  You can also prevent the spread using group policy.
http://support.microsoft.com/kb/962007
chasdas commented:
Hello gents, and gentesses,

If I use that GP and it locks up the services, I reboot the server and server services will not start. So I am locked out of AD and the Group Policies. How do I unlock the services to get back in the AD?
