Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

When was the password changed?

Posted on 2010-11-30
5
Medium Priority
?
374 Views
Last Modified: 2012-05-10
I have  a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).
0
Comment
Question by:HardwareDude
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:agsapt
ID: 34240805
What's your OS ?


-=@gS=-
0
 
LVL 8

Accepted Solution

by:
epohl earned 2000 total points
ID: 34241205
You could use AcctInfo.dll , it will add an additional property page to AD that shows when the password was last changed. However it will just show the last change (them changing it back?). Without the logs no real history. I am assuming they are accessing it remotely so might be worth reviewing logs for printier mapping errors from Terminal Services if they used RWW.

http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 

Author Comment

by:HardwareDude
ID: 34244855
Epohl-
Shucks, I already changed the password so they could not pull the same trick.
aqsapt-
SBS 2003
0
 
LVL 8

Expert Comment

by:epohl
ID: 34266420
How are they getting back in remotely ? RWW, RDP, VPN?
0
 

Author Comment

by:HardwareDude
ID: 34406388
They got in through RDP before I officially started working.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question