Solved

When was the password changed?

Posted on 2010-11-30
5
328 Views
Last Modified: 2012-05-10
I have  a new client whose previous IT company has changed their Administrator password (out of spite is seems). Security logging in event viewer was not turned on. The screwing around happened in the last 24 hrs. Is there a way to see when they:
a) Logged in last.
b) Changed the Administrator password.
c) Made the users folders "Read Only" and changed shared folders shared settings.
Fortunatelly, I was not able to log in untill AFTER all this happened, and the client knows it so they are not seeing me as responsible for/
FYI- I am now able to log in (it seems they reset the password back to what it was supposed to be).
0
Comment
Question by:HardwareDude
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:agsapt
ID: 34240805
What's your OS ?


-=@gS=-
0
 
LVL 8

Accepted Solution

by:
epohl earned 500 total points
ID: 34241205
You could use AcctInfo.dll , it will add an additional property page to AD that shows when the password was last changed. However it will just show the last change (them changing it back?). Without the logs no real history. I am assuming they are accessing it remotely so might be worth reviewing logs for printier mapping errors from Terminal Services if they used RWW.

http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 

Author Comment

by:HardwareDude
ID: 34244855
Epohl-
Shucks, I already changed the password so they could not pull the same trick.
aqsapt-
SBS 2003
0
 
LVL 8

Expert Comment

by:epohl
ID: 34266420
How are they getting back in remotely ? RWW, RDP, VPN?
0
 

Author Comment

by:HardwareDude
ID: 34406388
They got in through RDP before I officially started working.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SBS2011 RWW Failure 2 55
SBS Certificate Error 7 47
*** Hardware Malfunction Dell T610 7 57
SBS2011 - Supporting Win10 11 43
A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now