Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

When was the password changed?

Posted on 2010-11-30
5
Medium Priority
?
368 Views
Last Modified: 2012-05-10
I have  a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).
0
Comment
Question by:HardwareDude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:agsapt
ID: 34240805
What's your OS ?


-=@gS=-
0
 
LVL 8

Accepted Solution

by:
epohl earned 2000 total points
ID: 34241205
You could use AcctInfo.dll , it will add an additional property page to AD that shows when the password was last changed. However it will just show the last change (them changing it back?). Without the logs no real history. I am assuming they are accessing it remotely so might be worth reviewing logs for printier mapping errors from Terminal Services if they used RWW.

http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 

Author Comment

by:HardwareDude
ID: 34244855
Epohl-
Shucks, I already changed the password so they could not pull the same trick.
aqsapt-
SBS 2003
0
 
LVL 8

Expert Comment

by:epohl
ID: 34266420
How are they getting back in remotely ? RWW, RDP, VPN?
0
 

Author Comment

by:HardwareDude
ID: 34406388
They got in through RDP before I officially started working.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question