Solved

Windows Server 2008 R2 password and account issues

Posted on 2013-05-12
Last Modified: 2013-05-28
Hi all, I have potentially a serious problem. I have recently installed a new server and set up remote desktop services for all the users. Only myself and 2 other usernames had administrator privileges. I got a call from one of the staff members saying the password is not accepted and to ask if I changed it. I have since found all administrator account passwords are not working, some usernames are not even listed anymore in computer management and there are 2 more accounts set up as administrator access. These are called MicrosoftTM and Systems.

Can anybody please help me? Is there a way to retrieve the passwords, or perhaps restart the server with standard user access in case it just needs a reboot, or is it more serious and someone has gotten into the system and stuffed around with the settings?

I had a look through event viewer but could not see any logs that mention password changed or anything like that.
Question by:cybertechcomputers
3 Comments
 
LVL 26

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 39160910
On the face of it, someone or something has compromised your systems.

It isn't uncommon for people to name an account something that would, at a casual glance, pass for a system or Microsoft account.

System / Systems - very close. There is no inbuilt account called Systems or MicrosoftTM.

Is the problem Domain-Wide?

If so, you may be better off isolating the RDS box (was this internet facing? Do you know for sure it was the attack platform?).

I would look to get hold of a boot-CD that can change the password on that machine and then trawl the logs to see if you can determine who, why and when it was changed.

If it's domain wide you will need to restore AD I'm afraid - I would do it in parallel with the above.

Do you have strong password policies in place? Many attack vectors for RDS on internet facing servers look for weak passwords on port 3389.
0
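One way to do the log trawl suggested in the accepted answer, as an added example that is not part of the original thread: pull the account-management events from the Security log and list who changed which account and when. The event IDs are the standard Security-log IDs on Windows Server 2008 and later; the 30-day window is an assumption.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Security-log events that record account tampering.
$ids = @{
    4720 = 'User account created'
    4722 = 'User account enabled'
    4724 = 'Password reset attempted'
    4725 = 'User account disabled'
    4726 = 'User account deleted'
    4732 = 'Member added to local group'
    1102 = 'Audit log cleared'
}

# Assumption: a 30-day window; widen it to cover the server's install date.
$filter = @{
    LogName   = 'Security'
    Id        = @($ids.Keys)
    StartTime = (Get-Date).AddDays(-30)
}

# @() yields an empty array when nothing matches, so the loop below is skipped.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$report = foreach ($e in $events) {
    # Named fields live in the event XML, not in the rendered message.
    # Event 1102 has no EventData section, so its Actor/Target stay empty.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    New-Object PSObject -Property @{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Action  = $ids[$e.Id]
        Actor   = $data['SubjectUserName']   # account that made the change
        Target  = $data['TargetUserName']    # affected account (group for 4732)
        Member  = $data['MemberSid']         # only populated for 4732
    }
}

$report | Sort-Object Time |
    Select-Object Time, EventId, Action, Actor, Target, Member |
    Format-Table -AutoSize
```

An empty result means either account-management auditing was not enabled or the log no longer covers the period; a 1102 entry shows the Security log was cleared.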
 
LVL 26

Expert Comment

by:Leon Fester
ID: 39161034
Were any new group policies applied after your Server was put into production?
Even a simple task like moving a computer from existing OU or Computers container to another OU could result in new Group Policies being applied.

If you have local accounts then the restricted accounts policy could remove the other accounts.

Run:
gpresult /h gpresult.html
or
rsop.msc
to see the Group policy settings that are being applied to that computer.
0
 

Author Closing Comment

by:cybertechcomputers
ID: 39203640
Thank you for the replies, indeed it was some spyware junk on the server. I managed to reset the admin password and get back into the server. However, it had continual virus related issues so in the end I had to reformat and start again. Fingers crossed it doesn't come back.
0

Question has a verified solution.