I was working on my network all this week using remote desktop from several machines as I went back and forth making various updates. I went home and logged into my terminal server from remote desktop and to my horror someone logged in under my credentials and booted me off. I logged back in and booted him off. I shut down my terminal server.
I was using my main active directory administrator password. My firewall has a different password. So i think that is in tact.
I changed my password. It turns out my virus scanner was expired on the terminal server. I updated it and it found 33 viruses and I ran a trojen horse scanner. It appears the server is now clean.
Three ays went by and I am at home again and BOOM it happened again! Iwas booted off by another login using same credentials.
Could this be a hacker or is it an open rdp session that I may have left on at work and it just retries and logs back in?
I changed my admin password before I ran the virus scan. Could it have already broadcasted my new password to whomever may be tracking.
I don't know what to do at this point. Any help would be greatly appreciated. I'm worried other servers could be compromised.
Sometimes it necessary to set special permissions on user objects. For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…