troubleshooting Question

Restoring SBS 2003 server after hack

Avatar of darkbluegr
darkbluegr asked on
Windows Server 2003SBSOS Security
18 Comments4 Solutions840 ViewsLast Modified:
hi, I temporarily put my SBS2003 on the public internet (configured my lan connection with public IP) and 3 hours later my domain admin password was changed.

fortunately all my data in D: drive (exchange store) and my user profiles (also in D) are intact.

I noticed however several new .dll and .txt files on the root of C: drive.

How can I recover my domain admin pass? or can I restore it to the previous one?

I can still log on locally with a limited -privilege user. if I run "net user administrator" on the command prompt, I see that the password was last changed 3 hours ago (and it wasn't us)

I have physical access to the machine and ideally i'd like to revert to our previous password.

Thank you.
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 4 Answers and 18 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 4 Answers and 18 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros