I have a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).