Solved

is it possible to log on to SBS server via local admin unauthorised?

Posted on 2014-10-01
3
267 Views
Last Modified: 2014-10-14
Hi, I am facing issues with a server where, every time I log on I am having to revert back to the domain to be able to logon.   When I have logged on in the past it has always defaulted to the domain\administrator so I enter the password and I am straight in.

recently when I then go to RDP back in, first of all I am getting randomly kicked off and secondly its as if there is another account that someone else is logging on to.  

I believe its not possible to have a local admin account on a DC but how do i check to see if someone is logging on to this server without authorisation, is there some logging software or a quick way to check logs etc?

I may just be being paranoid but when I last logged on there were some software that was open for auditing and I know I didn't open it and as far as I am aware or my client, nobody else has access..

Thoughts please?

Thanks

Chris
0
Comment
Question by:chrishoy-iis
3 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 40354494
Check the security log for event ID 528.  That is the event for a successful logon.  If the other user is using the same account as you (kicking you off the sessions) then this won't work, but a quick password change would probably fix that.
0
 
LVL 13

Accepted Solution

by:
Andy M earned 500 total points
ID: 40354496
Hi Chris

No, an SBS server is always a domain controller so there won't be any local accounts - only the domain accounts. The 'Administrator' account name (and also admin) is a common target for hacking attempts so depending on how strong your password is it may have been compromised.

In this instance I would firstly prevent internet access to the server.
Reset the administrator password to something stronger (or even better - setup a domain admin account with a different name and disable the administrator account - make sure any services run under the new account before doing so)
I would then run a full anti-virus and anti-spyware scan on the system, check for any new applications that may have been installed.
It would also be worth checking through your AD to see if any strange looking/unknown accounts have been setup which may be also used to allow access to the server.

To check on logins the first port of call would be the Security log in event viewer as any login is recorded in there. There is also many different auditing software available as well as some batch/vb scripts that can create a log of when users log on when run as part of a startup script.
0
 

Author Closing Comment

by:chrishoy-iis
ID: 40379318
Checked all of the above and now secure from future access by anybody else.

Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question