When was the password changed?

I have  a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).
HardwareDudeAsked:
Who is Participating?
 
epohlConnect With a Mentor Commented:
You could use AcctInfo.dll , it will add an additional property page to AD that shows when the password was last changed. However it will just show the last change (them changing it back?). Without the logs no real history. I am assuming they are accessing it remotely so might be worth reviewing logs for printier mapping errors from Terminal Services if they used RWW.

http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 
agsaptCommented:
What's your OS ?


-=@gS=-
0
 
HardwareDudeAuthor Commented:
Epohl-
Shucks, I already changed the password so they could not pull the same trick.
aqsapt-
SBS 2003
0
 
epohlCommented:
How are they getting back in remotely ? RWW, RDP, VPN?
0
 
HardwareDudeAuthor Commented:
They got in through RDP before I officially started working.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.