Solved

When was the password changed?

Posted on 2010-11-30
5
361 Views
Last Modified: 2012-05-10
I have  a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).
0
Comment
Question by:HardwareDude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:agsapt
ID: 34240805
What's your OS ?


-=@gS=-
0
 
LVL 8

Accepted Solution

by:
epohl earned 500 total points
ID: 34241205
You could use AcctInfo.dll , it will add an additional property page to AD that shows when the password was last changed. However it will just show the last change (them changing it back?). Without the logs no real history. I am assuming they are accessing it remotely so might be worth reviewing logs for printier mapping errors from Terminal Services if they used RWW.

http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 

Author Comment

by:HardwareDude
ID: 34244855
Epohl-
Shucks, I already changed the password so they could not pull the same trick.
aqsapt-
SBS 2003
0
 
LVL 8

Expert Comment

by:epohl
ID: 34266420
How are they getting back in remotely ? RWW, RDP, VPN?
0
 

Author Comment

by:HardwareDude
ID: 34406388
They got in through RDP before I officially started working.
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question